authorSebastian Pipping <sping@gentoo.org>2021-06-02 13:32:16 +0200
committerSebastian Pipping <sping@gentoo.org>2021-06-02 13:34:59 +0200
commitc2d8827505a9f03a77a066cb21976932cf7eada7 (patch)
tree630d21e2879dcb5e19c0a4c85a36bfb3647a79ec
parentdev-ada/gnatsymbolize: bump to 2021 (diff)
games-board/gnuchess: CVE-2021-30184
Bug: https://bugs.gentoo.org/780855 Signed-off-by: Sebastian Pipping <sping@gentoo.org> Package-Manager: Portage-3.0.19, Repoman-3.0.3
-rw-r--r--games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch72
-rw-r--r--games-board/gnuchess/gnuchess-6.2.8-r1.ebuild21
2 files changed, 93 insertions, 0 deletions
diff --git a/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
new file mode 100644
index 000000000000..dfa89a0e17c3
--- /dev/null
+++ b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
@@ -0,0 +1,72 @@
+From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 2 Jun 2021 13:15:29 +0200
+Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184
+
+Based on prior work by Michael Vaughan,
+with "break;" replaced by "return;" and
+magic number 9 resolved by strlen("setboard ").
+
+Mimics close-to-identical existing code from
+elsewhere in the the same file.
+---
+ src/frontend/cmd.cc | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc
+index a321fc2..394d03f 100644
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -477,13 +477,20 @@ void cmd_pgnload(void)
+ return;
+ }
+
+- strcpy( data, "setboard " );
++ const char setboardCmd[] = "setboard ";
++ unsigned int setboardLen = strlen(setboardCmd);
++ strcpy( data, setboardCmd );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if (i + setboardLen < MAXSTR - 1) {
++ data[i+setboardLen] = epdline[i];
++ ++i;
++ } else {
++ printf( _("Error reading contents of file '%s'.\n"), token[1] );
++ return;
++ }
+ }
+- data[i+9] = '\0';
++ data[i+setboardLen] = '\0';
+ SetDataToEngine( data );
+ SetAutoGo( true );
+ pgnloaded = 0;
+@@ -501,13 +508,20 @@ void cmd_pgnreplay(void)
+ return;
+ }
+
+- strcpy( data, "setboard " );
++ const char setboardCmd[] = "setboard ";
++ unsigned int setboardLen = strlen(setboardCmd);
++ strcpy( data, setboardCmd );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if (i + setboardLen < MAXSTR - 1) {
++ data[i+setboardLen] = epdline[i];
++ ++i;
++ } else {
++ printf( _("Error reading contents of file '%s'.\n"), token[1] );
++ return;
++ }
+ }
+- data[i+9] = '\0';
++ data[i+setboardLen] = '\0';
+
+ SetDataToEngine( data );
+ SetAutoGo( true );
+--
+2.31.1
+
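Review bot: In both patched loops (cmd_pgnload and cmd_pgnreplay) the only stop condition is still `epdline[i] != '\n'`, so a line with no trailing newline is read past its NUL terminator until the new bound trips, and the load is then reported as a read error. Stopping on the terminator as well, `while ( epdline[i] != '\n' && epdline[i] != '\0' ) {`, keeps the read inside the string and lets a final line without a newline load normally. The bound `i + setboardLen < MAXSTR - 1` is only correct if `data` holds at least MAXSTR bytes and `epdline` is at least as large as the range read; both declarations are outside the hunks, so this should be confirmed, or the bound written with `sizeof data` if `data` is a local array. The function bodies begin and end outside the hunks, so whether the new early `return` skips any cleanup cannot be checked from here.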
diff --git a/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
new file mode 100644
index 000000000000..af4c32879a82
--- /dev/null
+++ b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Console based chess interface"
+HOMEPAGE="https://www.gnu.org/software/chess/chess.html"
+SRC_URI="mirror://gnu/chess/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-cve-2021-30184.patch # bug 780855
+)
+
+src_configure() {
+ # bug #491088
+ econf --without-readline
+}