changeset 310:827441d05b3e

Advanced Rogue family: fix some potential buffer overflows. Some code for determining the score file location assumed that PATH_MAX would be less than 1024, which cannot be guaranteed. Advanced Rogue 5 and 7, and XRogue, have had the buffers for the file name enlarged. UltraRogue never called the functions, so the code has been deleted instead.
author John "Elwin" Edwards
date Mon, 03 May 2021 19:05:37 -0400
parents 11aeff9acc07
children 28e22fb35989
files arogue5/main.c arogue5/mdport.c arogue5/options.c arogue5/rogue.c arogue7/main.c arogue7/mdport.c arogue7/options.c arogue7/rogue.c urogue/mdport.c xrogue/main.c xrogue/options.c xrogue/rogue.c xrogue/state.c
diffstat 13 files changed, 54 insertions(+), 81 deletions(-) [+]
line wrap: on
line diff
--- a/arogue5/main.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue5/main.c	Mon May 03 19:05:37 2021 -0400
@@ -61,6 +61,7 @@
      * get home and options from environment
      */
     strncpy(home,md_gethomedir(),LINELEN);
+    home[LINELEN-1] = '\0';
 
 #ifdef SAVEDIR
     if (argc >= 3 && !strcmp(argv[1], "-n")) {
@@ -82,8 +83,8 @@
     }
 
 #ifdef SCOREFILE
-    strncpy(score_file, SCOREFILE, LINELEN);
-    score_file[LINELEN - 1] = '\0';
+    strncpy(score_file, SCOREFILE, PATH_MAX);
+    score_file[PATH_MAX - 1] = '\0';
 #else
     /* Get default score file */
     strcpy(score_file, roguedir);
--- a/arogue5/mdport.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue5/mdport.c	Mon May 03 19:05:37 2021 -0400
@@ -418,7 +418,7 @@
 char *
 md_getroguedir(void)
 {
-    static char path[1024];
+    static char path[PATH_MAX-20];
     char *end,*home;
 
     if ( (home = getenv("ROGUEHOME")) != NULL)
@@ -427,13 +427,17 @@
         {
             strncpy(path, home, PATH_MAX - 20);
 
-            end = &path[strlen(path)-1];
+            if (path[PATH_MAX-21] == '\0')
+            {
+
+                end = &path[strlen(path)-1];
 
-            while( (end >= path) && ((*end == '/') || (*end == '\\')))
-                *end-- = '\0';
+                while( (end >= path) && ((*end == '/') || (*end == '\\')))
+                    *end-- = '\0';
 
-            if (directory_exists(path))
-                return(path);
+                if (directory_exists(path))
+                    return(path);
+            }
         }
     }
 
--- a/arogue5/options.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue5/options.c	Mon May 03 19:05:37 2021 -0400
@@ -17,6 +17,7 @@
 #include "curses.h"
 #include <ctype.h>
 #include <string.h>
+#include <limits.h>
 #include "rogue.h"
 
 #define	NUM_OPTS	(sizeof optlist / sizeof (OPTION))
@@ -91,7 +92,7 @@
 /* For the score file, which must be opened. */
 int get_score(char *optstr, WINDOW *win)
 {
-    char old_score_file[LINELEN];
+    char old_score_file[PATH_MAX];
     int status;
 
     if (use_savedir)
--- a/arogue5/rogue.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue5/rogue.c	Mon May 03 19:05:37 2021 -0400
@@ -13,6 +13,7 @@
  */
 
 #include <ctype.h>
+#include <limits.h>
 #include "curses.h"
 #include "rogue.h"
 
@@ -85,7 +86,7 @@
 char *m_guess[MAXMM];			/* Players guess at what MM is */
 char *ws_type[MAXSTICKS];		/* Is it a wand or a staff */
 char file_name[256];			/* Save file name */
-char score_file[LINELEN];		/* Score file name */
+char score_file[PATH_MAX];		/* Score file name */
 char home[LINELEN];			/* User's home directory */
 WINDOW *cw;				/* Window that the player sees */
 WINDOW *hw;				/* Used for the help command */
--- a/arogue7/main.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue7/main.c	Mon May 03 19:05:37 2021 -0400
@@ -16,6 +16,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
+#include <limits.h>
 #include <errno.h>
 #ifdef BSD
 #include <sys/time.h>
@@ -59,6 +60,7 @@
      */
 
     strncpy(home, md_gethomedir(), LINELEN);
+    home[LINELEN-1] = '\0';
 
     /* Get default save file */
     strcpy(file_name, home);
@@ -66,8 +68,8 @@
 
     /* Get default score file */
 #ifdef SCOREFILE
-    strncpy(score_file, SCOREFILE, LINELEN);
-    score_file[LINELEN-1] = '\0';
+    strncpy(score_file, SCOREFILE, PATH_MAX);
+    score_file[PATH_MAX-1] = '\0';
 #else
     strcpy(score_file, md_getroguedir());
 
--- a/arogue7/mdport.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue7/mdport.c	Mon May 03 19:05:37 2021 -0400
@@ -421,7 +421,7 @@
 char *
 md_getroguedir(void)
 {
-    static char path[1024];
+    static char path[PATH_MAX-20];
     char *end,*home;
 
     if ( (home = getenv("ROGUEHOME")) != NULL)
@@ -430,13 +430,16 @@
         {
             strncpy(path, home, PATH_MAX - 20);
 
-            end = &path[strlen(path)-1];
+            if (path[PATH_MAX-21] == '\0')
+            {
+                end = &path[strlen(path)-1];
 
-            while( (end >= path) && ((*end == '/') || (*end == '\\')))
-                *end-- = '\0';
+                while( (end >= path) && ((*end == '/') || (*end == '\\')))
+                    *end-- = '\0';
 
-            if (directory_exists(path))
-                return(path);
+                if (directory_exists(path))
+                    return(path);
+            }
         }
     }
 
--- a/arogue7/options.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue7/options.c	Mon May 03 19:05:37 2021 -0400
@@ -21,6 +21,7 @@
 
 #include "curses.h"
 #include <ctype.h>
+#include <limits.h>
 #include <string.h>
 #include "rogue.h"
 
@@ -491,7 +492,7 @@
 int
 get_score(char *optstr, WINDOW *win)
 {
-    char old_score_file[LINELEN];
+    char old_score_file[PATH_MAX];
     int status;
 
     if (use_savedir)
--- a/arogue7/rogue.c	Sun May 02 21:54:11 2021 -0400
+++ b/arogue7/rogue.c	Mon May 03 19:05:37 2021 -0400
@@ -13,6 +13,7 @@
  */
 
 #include <ctype.h>
+#include <limits.h>
 #include "curses.h"
 #include "rogue.h"
 #ifdef PC7300
@@ -102,7 +103,7 @@
 char *m_guess[MAXMM];			/* Players guess at what MM is */
 char *ws_type[MAXSTICKS];		/* Is it a wand or a staff */
 char file_name[LINELEN];		/* Save file name */
-char score_file[LINELEN];		/* Score file name */
+char score_file[PATH_MAX];		/* Score file name */
 char home[LINELEN];			/* User's home directory */
 WINDOW *cw;				/* Window that the player sees */
 WINDOW *hw;				/* Used for the help command */
--- a/urogue/mdport.c	Sun May 02 21:54:11 2021 -0400
+++ b/urogue/mdport.c	Mon May 03 19:05:37 2021 -0400
@@ -401,54 +401,6 @@
 #endif
 }
 
-int
-directory_exists(char *dirname)
-{
-    struct stat sb;
-
-    if (stat(dirname, &sb) == 0) /* path exists */
-        return (sb.st_mode & S_IFDIR);
-
-    return(0);
-}
-
-char *
-md_getroguedir()
-{
-    static char path[1024];
-    char *end,*home;
-
-    if ( (home = getenv("ROGUEHOME")) != NULL)
-    {
-        if (*home)
-        {
-            strncpy(path, home, PATH_MAX - 20);
-
-            end = &path[strlen(path)-1];
-
-            while( (end >= path) && ((*end == '/') || (*end == '\\')))
-                *end-- = '\0';
-
-            if (directory_exists(path))
-                return(path);
-        }
-    }
-
-    if (directory_exists("/var/games/roguelike"))
-        return("/var/games/roguelike");
-    if (directory_exists("/var/lib/roguelike"))
-        return("/var/lib/roguelike");
-    if (directory_exists("/var/roguelike"))
-        return("/var/roguelike");
-    if (directory_exists("/usr/games/lib"))
-        return("/usr/games/lib");
-    if (directory_exists("/games/roguelik"))
-        return("/games/roguelik");
-    if (directory_exists(md_gethomedir()))
-	return(md_gethomedir());
-    return("");
-}
-
 char *
 md_getrealname(int uid)
 {
--- a/xrogue/main.c	Sun May 02 21:54:11 2021 -0400
+++ b/xrogue/main.c	Mon May 03 19:05:37 2021 -0400
@@ -20,6 +20,7 @@
 #include <string.h>
 #include <curses.h>
 #include <signal.h>
+#include <limits.h>
 #include <time.h>
 
 #include "mach_dep.h"
@@ -44,6 +45,7 @@
      */
 
     strncpy(home, md_gethomedir(), LINELEN);
+    home[LINELEN-1] = '\0';
 
     /* Get default save file */
     strcpy(file_name, home);
@@ -51,8 +53,8 @@
 
     /* Get default score file */
 #ifdef SCOREFILE
-    strncpy(score_file, SCOREFILE, LINELEN);
-    score_file[LINELEN-1] = '\0';
+    strncpy(score_file, SCOREFILE, PATH_MAX);
+    score_file[PATH_MAX-1] = '\0';
 #else
     strcpy(score_file, md_getroguedir());
 
--- a/xrogue/options.c	Sun May 02 21:54:11 2021 -0400
+++ b/xrogue/options.c	Mon May 03 19:05:37 2021 -0400
@@ -24,6 +24,7 @@
 #include <curses.h>
 #include <ctype.h>
 #include <string.h>
+#include <limits.h>
 #include "rogue.h"
 
 #define NUM_OPTS        (sizeof optlist / sizeof (OPTION))
@@ -524,7 +525,7 @@
 int
 get_score(char *optstr, WINDOW *win)
 {
-    char old_score_file[LINELEN];
+    char old_score_file[PATH_MAX];
     int status;
 
     if (use_savedir)
--- a/xrogue/rogue.c	Sun May 02 21:54:11 2021 -0400
+++ b/xrogue/rogue.c	Mon May 03 19:05:37 2021 -0400
@@ -18,6 +18,7 @@
 
 #include <ctype.h>
 #include <curses.h>
+#include <limits.h>
 #include "rogue.h"
 
 /*
@@ -90,7 +91,7 @@
 char *m_guess[MAXMM];                   /* Players guess at what MM is */
 char *ws_type[MAXSTICKS];               /* Is it a wand or a staff */
 char file_name[LINELEN];                /* Save file name */
-char score_file[LINELEN];               /* Score file name */
+char score_file[PATH_MAX];              /* Score file name */
 char home[LINELEN];                     /* User's home directory */
 WINDOW *cw;                             /* Window that the player sees */
 WINDOW *hw;                             /* Used for the help command */
--- a/xrogue/state.c	Sun May 02 21:54:11 2021 -0400
+++ b/xrogue/state.c	Mon May 03 19:05:37 2021 -0400
@@ -3301,7 +3301,7 @@
 char *
 md_getroguedir(void)
 {
-    static char path[1024];
+    static char path[PATH_MAX-20];
     char *end,*home;
 
     if ( (home = getenv("ROGUEHOME")) != NULL)
@@ -3310,14 +3310,17 @@
         {
             strncpy(path, home, PATH_MAX - 20);
 
-            end = &path[strlen(path)-1];
-
-
-            while( (end >= path) && ((*end == '/') || (*end == '\\')))
-                *end-- = '\0';
-
-            if (directory_exists(path))
-                return(path);
+            if (path[PATH_MAX-21] == '\0')
+            {
+                end = &path[strlen(path)-1];
+
+
+                while( (end >= path) && ((*end == '/') || (*end == '\\')))
+                    *end-- = '\0';
+
+                if (directory_exists(path))
+                    return(path);
+            }
         }
     }