warden/early-roguelike
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
early-roguelike/srogue
History
John "Elwin" Edwards de013693fd srogue: prevent overflowing the score file name. 
If SCOREFILE is not defined, roguehome() is called to find a directory
for the score file.  It copies up to PATH_MAX-20 bytes from an
environment variable to a static buffer.  Later these are strcpy()'d to
scorefile, which is of size LINLEN.  Unfortunately LINLEN is 80 and
PATH_MAX is at least 256.  On Linux, it happens to be 4096.

I haven't yet managed to crash or exploit it, but there are surely no
beneficial consequences, so roguehome() has been modified to check the
length, and the string it returns is also checked in main().
2015-08-02 12:14:47 -04:00
..
acinclude.m4 srogue: begin porting to autoconf. 2013-09-01 20:50:52 -07:00
armor.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
bob.h Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
bsdtty.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
chase.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
command.c srogue: use functions from mdport.c. 2014-04-30 14:46:30 -07:00
configure.ac Fix a typo in configure.ac. 2015-06-04 14:48:25 -04:00
cx.h Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
daemon.c srogue: add and use more md_* portable functions. 2014-05-02 15:06:23 -07:00
daemons.c Rename daemon() to start_daemon(). 2013-09-07 08:08:00 -04:00
disply.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
encumb.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
fight.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
global.c srogue: open the score and log files when the program starts. 2015-08-01 15:12:11 -04:00
init.c srogue: include missing headers. 2012-01-27 17:29:30 +00:00
io.c srogue: use functions from mdport.c. 2014-04-30 14:46:30 -07:00
LICENSE.TXT Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
list.c srogue: add and use more md_* portable functions. 2014-05-02 15:06:23 -07:00
main.c srogue: prevent overflowing the score file name. 2015-08-02 12:14:47 -04:00
Makefile.in Makefiles: don't set defaults for CFLAGS. 2014-03-29 09:45:33 -07:00
makevers.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
mdport.c srogue: remove md_droppriv() and md_resetpriv(). 2015-08-01 16:31:03 -04:00
misc.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
monsters.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
move.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
ncx.h Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
new_leve.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
newterm.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
options.c srogue: use functions from mdport.c. 2014-04-30 14:46:30 -07:00
pack.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
passages.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
potions.c srogue: include missing headers. 2012-01-27 17:29:30 +00:00
pstats.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
rdk.h Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
rgdata.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
rings.c srogue: include missing headers. 2012-01-27 17:29:30 +00:00
rip.c srogue: open the score and log files when the program starts. 2015-08-01 15:12:11 -04:00
rogue.ext srogue: add support for SAVEDIR 2010-11-25 17:28:29 +00:00
rogue.h srogue: remove md_droppriv() and md_resetpriv(). 2015-08-01 16:31:03 -04:00
rogue.nr Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
rooms.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
save.c srogue: improve privilege handling. 2015-08-01 16:23:24 -04:00
scrolls.c srogue: include missing headers. 2012-01-27 17:29:30 +00:00
state.c Properly handle invalid room references in savefiles. 2013-08-08 12:41:35 -07:00
sticks.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
things.c srogue: include missing headers. 2012-01-27 17:29:30 +00:00
trader.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
vers.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
weapons.c Import Super-Rogue 9.0 from the Roguelike Restoration Project (r1490) 2010-11-25 12:21:41 +00:00
wizard.c srogue: use functions from mdport.c. 2014-04-30 14:46:30 -07:00
xcrypt.c srogue: more compatibility improvements. 2014-05-03 10:31:30 -07:00