# HG changeset patch # User John "Elwin" Edwards # Date 1620083137 14400 # Node ID 827441d05b3ef64e74ebdaf3ca789aecb695a3b7 # Parent 11aeff9acc0723fc21f4aa7e5cfd287512e25252 Advanced Rogue family: fix some potential buffer overflows. Some code for determining the score file location assumed that PATH_MAX would be less than 1024, which cannot be guaranteed. Advanced Rogue 5 and 7, and XRogue, have had the buffers for the file name enlarged. UltraRogue never called the functions, so the code has been deleted instead. diff -r 11aeff9acc07 -r 827441d05b3e arogue5/main.c --- a/arogue5/main.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue5/main.c Mon May 03 19:05:37 2021 -0400 @@ -61,6 +61,7 @@ * get home and options from environment */ strncpy(home,md_gethomedir(),LINELEN); + home[LINELEN-1] = '\0'; #ifdef SAVEDIR if (argc >= 3 && !strcmp(argv[1], "-n")) { @@ -82,8 +83,8 @@ } #ifdef SCOREFILE - strncpy(score_file, SCOREFILE, LINELEN); - score_file[LINELEN - 1] = '\0'; + strncpy(score_file, SCOREFILE, PATH_MAX); + score_file[PATH_MAX - 1] = '\0'; #else /* Get default score file */ strcpy(score_file, roguedir); diff -r 11aeff9acc07 -r 827441d05b3e arogue5/mdport.c --- a/arogue5/mdport.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue5/mdport.c Mon May 03 19:05:37 2021 -0400 @@ -418,7 +418,7 @@ char * md_getroguedir(void) { - static char path[1024]; + static char path[PATH_MAX-20]; char *end,*home; if ( (home = getenv("ROGUEHOME")) != NULL) @@ -427,13 +427,17 @@ { strncpy(path, home, PATH_MAX - 20); - end = &path[strlen(path)-1]; + if (path[PATH_MAX-21] == '\0') + { + + end = &path[strlen(path)-1]; - while( (end >= path) && ((*end == '/') || (*end == '\\'))) - *end-- = '\0'; + while( (end >= path) && ((*end == '/') || (*end == '\\'))) + *end-- = '\0'; - if (directory_exists(path)) - return(path); + if (directory_exists(path)) + return(path); + } } } diff -r 11aeff9acc07 -r 827441d05b3e arogue5/options.c --- a/arogue5/options.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue5/options.c Mon May 03 19:05:37 2021 -0400 @@ -17,6 +17,7 @@ #include "curses.h" #include #include +#include #include "rogue.h" #define NUM_OPTS (sizeof optlist / sizeof (OPTION)) @@ -91,7 +92,7 @@ /* For the score file, which must be opened. */ int get_score(char *optstr, WINDOW *win) { - char old_score_file[LINELEN]; + char old_score_file[PATH_MAX]; int status; if (use_savedir) diff -r 11aeff9acc07 -r 827441d05b3e arogue5/rogue.c --- a/arogue5/rogue.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue5/rogue.c Mon May 03 19:05:37 2021 -0400 @@ -13,6 +13,7 @@ */ #include +#include #include "curses.h" #include "rogue.h" @@ -85,7 +86,7 @@ char *m_guess[MAXMM]; /* Players guess at what MM is */ char *ws_type[MAXSTICKS]; /* Is it a wand or a staff */ char file_name[256]; /* Save file name */ -char score_file[LINELEN]; /* Score file name */ +char score_file[PATH_MAX]; /* Score file name */ char home[LINELEN]; /* User's home directory */ WINDOW *cw; /* Window that the player sees */ WINDOW *hw; /* Used for the help command */ diff -r 11aeff9acc07 -r 827441d05b3e arogue7/main.c --- a/arogue7/main.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue7/main.c Mon May 03 19:05:37 2021 -0400 @@ -16,6 +16,7 @@ #include #include #include +#include #include #ifdef BSD #include @@ -59,6 +60,7 @@ */ strncpy(home, md_gethomedir(), LINELEN); + home[LINELEN-1] = '\0'; /* Get default save file */ strcpy(file_name, home); @@ -66,8 +68,8 @@ /* Get default score file */ #ifdef SCOREFILE - strncpy(score_file, SCOREFILE, LINELEN); - score_file[LINELEN-1] = '\0'; + strncpy(score_file, SCOREFILE, PATH_MAX); + score_file[PATH_MAX-1] = '\0'; #else strcpy(score_file, md_getroguedir()); diff -r 11aeff9acc07 -r 827441d05b3e arogue7/mdport.c --- a/arogue7/mdport.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue7/mdport.c Mon May 03 19:05:37 2021 -0400 @@ -421,7 +421,7 @@ char * md_getroguedir(void) { - static char path[1024]; + static char path[PATH_MAX-20]; char *end,*home; if ( (home = getenv("ROGUEHOME")) != NULL) @@ -430,13 +430,16 @@ { strncpy(path, home, PATH_MAX - 20); - end = &path[strlen(path)-1]; + if (path[PATH_MAX-21] == '\0') + { + end = &path[strlen(path)-1]; - while( (end >= path) && ((*end == '/') || (*end == '\\'))) - *end-- = '\0'; + while( (end >= path) && ((*end == '/') || (*end == '\\'))) + *end-- = '\0'; - if (directory_exists(path)) - return(path); + if (directory_exists(path)) + return(path); + } } } diff -r 11aeff9acc07 -r 827441d05b3e arogue7/options.c --- a/arogue7/options.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue7/options.c Mon May 03 19:05:37 2021 -0400 @@ -21,6 +21,7 @@ #include "curses.h" #include +#include #include #include "rogue.h" @@ -491,7 +492,7 @@ int get_score(char *optstr, WINDOW *win) { - char old_score_file[LINELEN]; + char old_score_file[PATH_MAX]; int status; if (use_savedir) diff -r 11aeff9acc07 -r 827441d05b3e arogue7/rogue.c --- a/arogue7/rogue.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue7/rogue.c Mon May 03 19:05:37 2021 -0400 @@ -13,6 +13,7 @@ */ #include +#include #include "curses.h" #include "rogue.h" #ifdef PC7300 @@ -102,7 +103,7 @@ char *m_guess[MAXMM]; /* Players guess at what MM is */ char *ws_type[MAXSTICKS]; /* Is it a wand or a staff */ char file_name[LINELEN]; /* Save file name */ -char score_file[LINELEN]; /* Score file name */ +char score_file[PATH_MAX]; /* Score file name */ char home[LINELEN]; /* User's home directory */ WINDOW *cw; /* Window that the player sees */ WINDOW *hw; /* Used for the help command */ diff -r 11aeff9acc07 -r 827441d05b3e urogue/mdport.c --- a/urogue/mdport.c Sun May 02 21:54:11 2021 -0400 +++ b/urogue/mdport.c Mon May 03 19:05:37 2021 -0400 @@ -401,54 +401,6 @@ #endif } -int -directory_exists(char *dirname) -{ - struct stat sb; - - if (stat(dirname, &sb) == 0) /* path exists */ - return (sb.st_mode & S_IFDIR); - - return(0); -} - -char * -md_getroguedir() -{ - static char path[1024]; - char *end,*home; - - if ( (home = getenv("ROGUEHOME")) != NULL) - { - if (*home) - { - strncpy(path, home, PATH_MAX - 20); - - end = &path[strlen(path)-1]; - - while( (end >= path) && ((*end == '/') || (*end == '\\'))) - *end-- = '\0'; - - if (directory_exists(path)) - return(path); - } - } - - if (directory_exists("/var/games/roguelike")) - return("/var/games/roguelike"); - if (directory_exists("/var/lib/roguelike")) - return("/var/lib/roguelike"); - if (directory_exists("/var/roguelike")) - return("/var/roguelike"); - if (directory_exists("/usr/games/lib")) - return("/usr/games/lib"); - if (directory_exists("/games/roguelik")) - return("/games/roguelik"); - if (directory_exists(md_gethomedir())) - return(md_gethomedir()); - return(""); -} - char * md_getrealname(int uid) { diff -r 11aeff9acc07 -r 827441d05b3e xrogue/main.c --- a/xrogue/main.c Sun May 02 21:54:11 2021 -0400 +++ b/xrogue/main.c Mon May 03 19:05:37 2021 -0400 @@ -20,6 +20,7 @@ #include #include #include +#include #include #include "mach_dep.h" @@ -44,6 +45,7 @@ */ strncpy(home, md_gethomedir(), LINELEN); + home[LINELEN-1] = '\0'; /* Get default save file */ strcpy(file_name, home); @@ -51,8 +53,8 @@ /* Get default score file */ #ifdef SCOREFILE - strncpy(score_file, SCOREFILE, LINELEN); - score_file[LINELEN-1] = '\0'; + strncpy(score_file, SCOREFILE, PATH_MAX); + score_file[PATH_MAX-1] = '\0'; #else strcpy(score_file, md_getroguedir()); diff -r 11aeff9acc07 -r 827441d05b3e xrogue/options.c --- a/xrogue/options.c Sun May 02 21:54:11 2021 -0400 +++ b/xrogue/options.c Mon May 03 19:05:37 2021 -0400 @@ -24,6 +24,7 @@ #include #include #include +#include #include "rogue.h" #define NUM_OPTS (sizeof optlist / sizeof (OPTION)) @@ -524,7 +525,7 @@ int get_score(char *optstr, WINDOW *win) { - char old_score_file[LINELEN]; + char old_score_file[PATH_MAX]; int status; if (use_savedir) diff -r 11aeff9acc07 -r 827441d05b3e xrogue/rogue.c --- a/xrogue/rogue.c Sun May 02 21:54:11 2021 -0400 +++ b/xrogue/rogue.c Mon May 03 19:05:37 2021 -0400 @@ -18,6 +18,7 @@ #include #include +#include #include "rogue.h" /* @@ -90,7 +91,7 @@ char *m_guess[MAXMM]; /* Players guess at what MM is */ char *ws_type[MAXSTICKS]; /* Is it a wand or a staff */ char file_name[LINELEN]; /* Save file name */ -char score_file[LINELEN]; /* Score file name */ +char score_file[PATH_MAX]; /* Score file name */ char home[LINELEN]; /* User's home directory */ WINDOW *cw; /* Window that the player sees */ WINDOW *hw; /* Used for the help command */ diff -r 11aeff9acc07 -r 827441d05b3e xrogue/state.c --- a/xrogue/state.c Sun May 02 21:54:11 2021 -0400 +++ b/xrogue/state.c Mon May 03 19:05:37 2021 -0400 @@ -3301,7 +3301,7 @@ char * md_getroguedir(void) { - static char path[1024]; + static char path[PATH_MAX-20]; char *end,*home; if ( (home = getenv("ROGUEHOME")) != NULL) @@ -3310,14 +3310,17 @@ { strncpy(path, home, PATH_MAX - 20); - end = &path[strlen(path)-1]; - - - while( (end >= path) && ((*end == '/') || (*end == '\\'))) - *end-- = '\0'; - - if (directory_exists(path)) - return(path); + if (path[PATH_MAX-21] == '\0') + { + end = &path[strlen(path)-1]; + + + while( (end >= path) && ((*end == '/') || (*end == '\\'))) + *end-- = '\0'; + + if (directory_exists(path)) + return(path); + } } }