author | Sebastian Pipping <sping@gentoo.org> | 2021-06-02 13:32:16 +0200 |
---|---|---|
committer | Sebastian Pipping <sping@gentoo.org> | 2021-06-02 13:34:59 +0200 |
commit | c2d8827505a9f03a77a066cb21976932cf7eada7 (patch) | |
tree | 630d21e2879dcb5e19c0a4c85a36bfb3647a79ec | |
parent | dev-ada/gnatsymbolize: bump to 2021 (diff) | |
games-board/gnuchess: CVE-2021-30184
Bug: https://bugs.gentoo.org/780855
Signed-off-by: Sebastian Pipping <sping@gentoo.org>
Package-Manager: Portage-3.0.19, Repoman-3.0.3
-rw-r--r-- | games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch | 72 | ||||
-rw-r--r-- | games-board/gnuchess/gnuchess-6.2.8-r1.ebuild | 21 |
2 files changed, 93 insertions, 0 deletions
diff --git a/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
new file mode 100644
index 000000000000..dfa89a0e17c3
--- /dev/null
+++ b/games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch
@@ -0,0 +1,72 @@
+From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Wed, 2 Jun 2021 13:15:29 +0200
+Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184
+
+Based on prior work by Michael Vaughan,
+with "break;" replaced by "return;" and
+magic number 9 resolved by strlen("setboard ").
+
+Mimics close-to-identical existing code from
+elsewhere in the the same file.
+---
+ src/frontend/cmd.cc | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc
+index a321fc2..394d03f 100644
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -477,13 +477,20 @@ void cmd_pgnload(void)
+ return;
+ }
+
+- strcpy( data, "setboard " );
++ const char setboardCmd[] = "setboard ";
++ unsigned int setboardLen = strlen(setboardCmd);
++ strcpy( data, setboardCmd );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if (i + setboardLen < MAXSTR - 1) {
++ data[i+setboardLen] = epdline[i];
++ ++i;
++ } else {
++ printf( _("Error reading contents of file '%s'.\n"), token[1] );
++ return;
++ }
+ }
+- data[i+9] = '\0';
++ data[i+setboardLen] = '\0';
+ SetDataToEngine( data );
+ SetAutoGo( true );
+ pgnloaded = 0;
+@@ -501,13 +508,20 @@ void cmd_pgnreplay(void)
+ return;
+ }
+
+- strcpy( data, "setboard " );
++ const char setboardCmd[] = "setboard ";
++ unsigned int setboardLen = strlen(setboardCmd);
++ strcpy( data, setboardCmd );
+ int i=0;
+ while ( epdline[i] != '\n' ) {
+- data[i+9] = epdline[i];
+- ++i;
++ if (i + setboardLen < MAXSTR - 1) {
++ data[i+setboardLen] = epdline[i];
++ ++i;
++ } else {
++ printf( _("Error reading contents of file '%s'.\n"), token[1] );
++ return;
++ }
+ }
+- data[i+9] = '\0';
++ data[i+setboardLen] = '\0';
+
+ SetDataToEngine( data );
+ SetAutoGo( true );
+--
+2.31.1
+
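Review bot: The copy loop in `cmd_pgnload` still terminates only on `'\n'`, so an `epdline` that ends without a newline has its NUL terminator copied like any other byte and the loop keeps reading past it until the new bound trips; the identical loop in `cmd_pgnreplay` has the same gap. The added check bounds the writes into `data`, but the reads from `epdline` are then limited only by `MAXSTR`, which is safe only if `epdline` is at least that large and fully initialised. Both declarations and the code that fills `epdline` sit outside the hunk, so that needs confirming. Stopping at the terminator as well removes the dependency: `while ( epdline[i] != '\n' && epdline[i] != '\0' ) {`. A short comment above the check, such as `// reserve one byte for the terminating NUL written after the loop`, would also explain the `MAXSTR - 1`.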
diff --git a/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
new file mode 100644
index 000000000000..af4c32879a82
--- /dev/null
+++ b/games-board/gnuchess/gnuchess-6.2.8-r1.ebuild
@@ -0,0 +1,21 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Console based chess interface"
+HOMEPAGE="https://www.gnu.org/software/chess/chess.html"
+SRC_URI="mirror://gnu/chess/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-cve-2021-30184.patch # bug 780855
+)
+
+src_configure() {
+ # bug #491088
+ econf --without-readline
+} |