CVS commit: [netbsd-4] src/games/hack

2009-06-29 Thread Soren Jacobsen 
Module Name:src
Committed By:   snj
Date:   Mon Jun 29 23:55:23 UTC 2009

Modified Files:
src/games/hack [netbsd-4]: hack.do_name.c hack.h hack.invent.c
hack.main.c hack.rip.c hack.topl.c hack.unix.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1331):
games/hack/hack.do_name.c: revision 1.10
games/hack/hack.h: revision 1.13 via patch
games/hack/hack.invent.c: revision 1.13
games/hack/hack.main.c: revision 1.13
games/hack/hack.rip.c: revision 1.11
games/hack/hack.topl.c: revision 1.11
games/hack/hack.unix.c: revision 1.13
Fix two serious string-handling bugs (one exploitable, one probably
exploitable) and also add proper checking/paranoia in several other
places.


To generate a diff of this commit:
cvs rdiff -u -r1.6.16.1 -r1.6.16.2 src/games/hack/hack.do_name.c
cvs rdiff -u -r1.10 -r1.10.16.1 src/games/hack/hack.h
cvs rdiff -u -r1.10.4.1 -r1.10.4.2 src/games/hack/hack.invent.c
cvs rdiff -u -r1.9.16.1 -r1.9.16.2 src/games/hack/hack.main.c \
src/games/hack/hack.unix.c
cvs rdiff -u -r1.7.16.1 -r1.7.16.2 src/games/hack/hack.rip.c \
src/games/hack/hack.topl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/games/hack/hack.do_name.c
diff -u src/games/hack/hack.do_name.c:1.6.16.1 src/games/hack/hack.do_name.c:1.6.16.2
--- src/games/hack/hack.do_name.c:1.6.16.1	Mon Jun 29 23:53:01 2009
+++ src/games/hack/hack.do_name.c	Mon Jun 29 23:55:23 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.do_name.c,v 1.6.16.1 2009/06/29 23:53:01 snj Exp $	*/
+/*	$NetBSD: hack.do_name.c,v 1.6.16.2 2009/06/29 23:55:23 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: hack.do_name.c,v 1.6.16.1 2009/06/29 23:53:01 snj Exp $");
+__RCSID("$NetBSD: hack.do_name.c,v 1.6.16.2 2009/06/29 23:55:23 snj Exp $");
 #endif/* not lint */
 
 #include 
@@ -284,7 +284,7 @@
 gn = ghostnames[rn2(SIZE(ghostnames))];
 if (!rn2(2))
 	(void)
-		strcpy((char *) mtmp->mextra, !rn2(5) ? plname : gn);
+		strlcpy((char *) mtmp->mextra, !rn2(5) ? plname : gn, mtmp->mxlth);
 			}
 			(void) snprintf(buf, sizeof(buf), "%s's ghost", gn);
 		}

Index: src/games/hack/hack.h
diff -u src/games/hack/hack.h:1.10 src/games/hack/hack.h:1.10.16.1
--- src/games/hack/hack.h:1.10	Tue Jan 27 20:30:29 2004
+++ src/games/hack/hack.h	Mon Jun 29 23:55:23 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.h,v 1.10 2004/01/27 20:30:29 jsm Exp $	*/
+/*	$NetBSD: hack.h,v 1.10.16.1 2009/06/29 23:55:23 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -202,7 +202,7 @@
 extern char SAVEF[];
 extern char fut_geno[60]; /* idem */
 extern char genocided[60]; /* defined in Decl.c */
-extern char lock[];
+extern char lock[PL_NSIZ + 4];
 extern char mlarge[];
 extern char morc;
 extern char nul[];

Index: src/games/hack/hack.invent.c
diff -u src/games/hack/hack.invent.c:1.10.4.1 src/games/hack/hack.invent.c:1.10.4.2
--- src/games/hack/hack.invent.c:1.10.4.1	Mon Jun 29 23:53:01 2009
+++ src/games/hack/hack.invent.c	Mon Jun 29 23:55:23 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.invent.c,v 1.10.4.1 2009/06/29 23:53:01 snj Exp $	*/
+/*	$NetBSD: hack.invent.c,v 1.10.4.2 2009/06/29 23:55:23 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,9 +63,10 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: hack.invent.c,v 1.10.4.1 2009/06/29 23:53:01 snj Exp $");
+__RCSID("$NetBSD: hack.invent.c,v 1.10.4.2 2009/06/29 23:55:23 snj Exp $");
 #endif/* not lint */
 
+#include 
 #include 
 #include "hack.h"
 #include "extern.h"
@@ -578,7 +579,7 @@
 	charbuf[BUFSZ];
 	char   *ip;
 	charsym;
-	int oletct = 0, iletct = 0;
+	unsignedoletct = 0, iletct = 0;
 	boolean allflag = FALSE;
 	charolets[20], ilets[20];
 	int   (*ckfn)(struct obj *) =
@@ -609,6 +610,7 @@
 		if (invent)
 			ilets[iletct++] = 'a';
 		ilets[iletct] = 0;
+		assert(iletct < sizeof(ilets));
 	}
 	pline("What kinds of thing do you want to %s? [%s] ",
 	  word, ilets);
@@ -637,6 +639,7 @@
 olets[oletct++] = sym;
 olets[oletct] = 0;
 			}
+			assert(oletct < sizeof(olets));
 		} else
 			pline("You don't have any %c's.", sym);
 	}
@@ -754,7 +757,7 @@
 {
 	struct obj *otmp;
 	charilet;
-	int ct = 0;
+	unsignedct = 0;
 	charany[BUFSZ];
 
 	morc = 0;		/* just to be sure */
@@ -777,6 +780,7 @@
 ilet = 'A';
 	}
 	any[ct] = 0;
+	assert(ct < sizeof(any));
 	cornline(2, any);
 }
 
@@ -786,7 +790,7 @@
 	/* Changed to one type only, so he doesnt have to type cr */
 	charc, ilet;
 	charstuff[BUFSZ];
-	int stct;
+	unsignedstct;
 	struct obj *otmp;
 	boolean

CVS commit: [netbsd-4] src/games/hack

2009-06-29 Thread Soren Jacobsen 
Module Name:src
Committed By:   snj
Date:   Mon Jun 29 23:53:01 UTC 2009

Modified Files:
src/games/hack [netbsd-4]: extern.h hack.do_name.c hack.eat.c
hack.end.c hack.fight.c hack.invent.c hack.main.c hack.objnam.c
hack.options.c hack.pri.c hack.rip.c hack.shk.c hack.topl.c
hack.unix.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1331):
games/hack/extern.h: revision 1.11
games/hack/hack.do_name.c: revision 1.9
games/hack/hack.eat.c: revision 1.8
games/hack/hack.end.c: revision 1.12 via patch
games/hack/hack.fight.c: revision 1.10 via patch
games/hack/hack.invent.c: revision 1.12
games/hack/hack.main.c: revision 1.12
games/hack/hack.objnam.c: revision 1.9
games/hack/hack.options.c: revision 1.9
games/hack/hack.pri.c: revision 1.11
games/hack/hack.rip.c: revision 1.10
games/hack/hack.shk.c: revision 1.10
games/hack/hack.topl.c: revision 1.10
games/hack/hack.unix.c: revision 1.12
sprintf -> snprintf, plus some use of strlcpy/strlcat where appropriate
XXX: there's still one sprintf left which will take some hacking to expunge.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.16.1 src/games/hack/extern.h \
src/games/hack/hack.do_name.c src/games/hack/hack.eat.c \
src/games/hack/hack.objnam.c
cvs rdiff -u -r1.7 -r1.7.4.1 src/games/hack/hack.end.c \
src/games/hack/hack.fight.c
cvs rdiff -u -r1.10 -r1.10.4.1 src/games/hack/hack.invent.c
cvs rdiff -u -r1.9 -r1.9.16.1 src/games/hack/hack.main.c \
src/games/hack/hack.unix.c
cvs rdiff -u -r1.7 -r1.7.16.1 src/games/hack/hack.options.c \
src/games/hack/hack.rip.c src/games/hack/hack.topl.c
cvs rdiff -u -r1.8 -r1.8.16.1 src/games/hack/hack.pri.c
cvs rdiff -u -r1.8 -r1.8.4.1 src/games/hack/hack.shk.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/games/hack/extern.h
diff -u src/games/hack/extern.h:1.6 src/games/hack/extern.h:1.6.16.1
--- src/games/hack/extern.h:1.6	Tue Jan 27 20:30:29 2004
+++ src/games/hack/extern.h	Mon Jun 29 23:53:01 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: extern.h,v 1.6 2004/01/27 20:30:29 jsm Exp $	*/
+/*	$NetBSD: extern.h,v 1.6.16.1 2009/06/29 23:53:01 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -363,7 +363,7 @@
 char *typename(int);
 char *xname(struct obj *);
 char *doname(struct obj *);
-void setan(const char *, char *);
+void setan(const char *, char *, size_t);
 char *aobjnam(struct obj *, const char *);
 char *Doname(struct obj *);
 struct obj *readobjnam(char *);
Index: src/games/hack/hack.do_name.c
diff -u src/games/hack/hack.do_name.c:1.6 src/games/hack/hack.do_name.c:1.6.16.1
--- src/games/hack/hack.do_name.c:1.6	Wed Apr  2 18:36:36 2003
+++ src/games/hack/hack.do_name.c	Mon Jun 29 23:53:01 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.do_name.c,v 1.6 2003/04/02 18:36:36 jsm Exp $	*/
+/*	$NetBSD: hack.do_name.c,v 1.6.16.1 2009/06/29 23:53:01 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: hack.do_name.c,v 1.6 2003/04/02 18:36:36 jsm Exp $");
+__RCSID("$NetBSD: hack.do_name.c,v 1.6.16.1 2009/06/29 23:53:01 snj Exp $");
 #endif/* not lint */
 
 #include 
@@ -273,7 +273,7 @@
 {
 	static char buf[BUFSZ];	/* %% */
 	if (mtmp->mnamelth && !vb) {
-		(void) strcpy(buf, NAME(mtmp));
+		(void) strlcpy(buf, NAME(mtmp), sizeof(buf));
 		return (buf);
 	}
 	switch (mtmp->data->mlet) {
@@ -286,23 +286,23 @@
 	(void)
 		strcpy((char *) mtmp->mextra, !rn2(5) ? plname : gn);
 			}
-			(void) sprintf(buf, "%s's ghost", gn);
+			(void) snprintf(buf, sizeof(buf), "%s's ghost", gn);
 		}
 		break;
 	case '@':
 		if (mtmp->isshk) {
-			(void) strcpy(buf, shkname(mtmp));
+			(void) strlcpy(buf, shkname(mtmp), sizeof(buf));
 			break;
 		}
 		/* fall into next case */
 	default:
-		(void) sprintf(buf, "the %s%s",
+		(void) snprintf(buf, sizeof(buf), "the %s%s",
 			   mtmp->minvis ? "invisible " : "",
 			   mtmp->data->mname);
 	}
 	if (vb && mtmp->mnamelth) {
-		(void) strcat(buf, " called ");
-		(void) strcat(buf, NAME(mtmp));
+		(void) strlcat(buf, " called ", sizeof(buf));
+		(void) strlcat(buf, NAME(mtmp), sizeof(buf));
 	}
 	return (buf);
 }
@@ -341,7 +341,7 @@
 
 	if (!strncmp(bp, "the ", 4))
 		bp += 4;
-	(void) sprintf(buf, "the %s %s", adj, bp);
+	(void) snprintf(buf, sizeof(buf), "the %s %s", adj, bp);
 	return (buf);
 }
 
Index: src/games/hack/hack.eat.c
diff -u src/games/hack/hack.eat.c:1.6 src/games/hack/hack.eat.c:1.6.16.1
--- src/games/hack/hack.eat.c:1.6	Wed Apr  2 18:36:36 2003
+++ src/games/hack/hack.eat.c	Mon Jun 29 23:53:01 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.eat.c,v 1.6 2003/04/02 18:36:36 jsm Exp $	*/
+/*	$NetBSD: hack.eat.c,v 1.6.16.1 2009/06/29 23:53:01 snj Exp $	*/