summaryrefslogtreecommitdiff
path: root/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-07-14 21:03:06 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-07-14 21:03:06 +0100
commit8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch)
tree7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch
parent30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff)
gentoo resync : 14.07.2018
Diffstat (limited to 'games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch')
-rw-r--r--games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch
new file mode 100644
index 000000000000..3b8b066a81cd
--- /dev/null
+++ b/games-strategy/dopewars/files/dopewars-1.5.12-CVE-2009-3591.patch
@@ -0,0 +1,20 @@
+Patch for CVE-2009-3591 -- bug 288295.
+
+Fetched from upstream SVN:
+http://dopewars.svn.sourceforge.net/viewvc/dopewars/dopewars/trunk/src/serverside.c?r1=1033&r2=1032&pathrev=1033
+
+--- trunk/src/serverside.c 2009/03/10 07:18:49 1032
++++ trunk/src/serverside.c 2009/10/05 04:11:32 1033
+@@ -504,6 +504,12 @@
+ break;
+ case C_REQUESTJET:
+ i = atoi(Data);
++ /* Make sure value is within range */
++ if (i < 0 || i >= NumLocation) {
++ dopelog(3, LF_SERVER, _("%s: DENIED jet to invalid location %s"),
++ GetPlayerName(Play), Data);
++ break;
++ }
+ if (Play->EventNum == E_FIGHT || Play->EventNum == E_FIGHTASK) {
+ if (CanRunHere(Play)) {
+ break;