CVS commit: [netbsd-5-0] src/games/hack

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Mon Jun 29 23:22:24 UTC 2009

Modified Files:
src/games/hack [netbsd-5-0]: extern.h hack.do_name.c hack.eat.c
hack.end.c hack.fight.c hack.invent.c hack.main.c hack.objnam.c
hack.options.c hack.pri.c hack.rip.c hack.shk.c hack.topl.c
hack.unix.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #844):
games/hack/extern.h: revision 1.11
games/hack/hack.pri.c: revision 1.11
games/hack/hack.do_name.c: revision 1.9
games/hack/hack.fight.c: revision 1.10
games/hack/hack.topl.c: revision 1.10
games/hack/hack.invent.c: revision 1.12
games/hack/hack.rip.c: revision 1.10
games/hack/hack.options.c: revision 1.9
games/hack/hack.main.c: revision 1.12
games/hack/hack.eat.c: revision 1.8
games/hack/hack.shk.c: revision 1.10
games/hack/hack.end.c: revision 1.12
games/hack/hack.objnam.c: revision 1.9
games/hack/hack.unix.c: revision 1.12
sprintf - snprintf, plus some use of strlcpy/strlcat where appropriate
XXX: there's still one sprintf left which will take some hacking to expunge.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.8.8.1 src/games/hack/extern.h
cvs rdiff -u -r1.7 -r1.7.14.1 src/games/hack/hack.do_name.c \
src/games/hack/hack.objnam.c
cvs rdiff -u -r1.6 -r1.6.42.1 src/games/hack/hack.eat.c
cvs rdiff -u -r1.9 -r1.9.14.1 src/games/hack/hack.end.c \
src/games/hack/hack.pri.c
cvs rdiff -u -r1.8 -r1.8.14.1 src/games/hack/hack.fight.c \
src/games/hack/hack.rip.c src/games/hack/hack.topl.c
cvs rdiff -u -r1.10 -r1.10.30.1 src/games/hack/hack.invent.c
cvs rdiff -u -r1.10 -r1.10.14.1 src/games/hack/hack.main.c
cvs rdiff -u -r1.7 -r1.7.42.1 src/games/hack/hack.options.c
cvs rdiff -u -r1.8 -r1.8.30.1 src/games/hack/hack.shk.c
cvs rdiff -u -r1.9 -r1.9.42.1 src/games/hack/hack.unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/games/hack/extern.h
diff -u src/games/hack/extern.h:1.8 src/games/hack/extern.h:1.8.8.1
--- src/games/hack/extern.h:1.8	Mon Apr 28 20:22:54 2008
+++ src/games/hack/extern.h	Mon Jun 29 23:22:24 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: extern.h,v 1.8 2008/04/28 20:22:54 martin Exp $	*/
+/*	$NetBSD: extern.h,v 1.8.8.1 2009/06/29 23:22:24 snj Exp $	*/
 
 /*-
  * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -356,7 +356,7 @@
 char *typename(int);
 char *xname(struct obj *);
 char *doname(struct obj *);
-void setan(const char *, char *);
+void setan(const char *, char *, size_t);
 char *aobjnam(struct obj *, const char *);
 char *Doname(struct obj *);
 struct obj *readobjnam(char *);

Index: src/games/hack/hack.do_name.c
diff -u src/games/hack/hack.do_name.c:1.7 src/games/hack/hack.do_name.c:1.7.14.1
--- src/games/hack/hack.do_name.c:1.7	Mon Jan 28 06:55:41 2008
+++ src/games/hack/hack.do_name.c	Mon Jun 29 23:22:24 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.do_name.c,v 1.7 2008/01/28 06:55:41 dholland Exp $	*/
+/*	$NetBSD: hack.do_name.c,v 1.7.14.1 2009/06/29 23:22:24 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 
 #include sys/cdefs.h
 #ifndef lint
-__RCSID($NetBSD: hack.do_name.c,v 1.7 2008/01/28 06:55:41 dholland Exp $);
+__RCSID($NetBSD: hack.do_name.c,v 1.7.14.1 2009/06/29 23:22:24 snj Exp $);
 #endif/* not lint */
 
 #include stdlib.h
@@ -274,7 +274,7 @@
 {
 	static char buf[BUFSZ];	/* %% */
 	if (mtmp-mnamelth  !vb) {
-		(void) strcpy(buf, NAME(mtmp));
+		(void) strlcpy(buf, NAME(mtmp), sizeof(buf));
 		return (buf);
 	}
 	switch (mtmp-data-mlet) {
@@ -287,23 +287,23 @@
 	(void)
 		strcpy((char *) mtmp-mextra, !rn2(5) ? plname : gn);
 			}
-			(void) sprintf(buf, %s's ghost, gn);
+			(void) snprintf(buf, sizeof(buf), %s's ghost, gn);
 		}
 		break;
 	case '@':
 		if (mtmp-isshk) {
-			(void) strcpy(buf, shkname(mtmp));
+			(void) strlcpy(buf, shkname(mtmp), sizeof(buf));
 			break;
 		}
 		/* fall into next case */
 	default:
-		(void) sprintf(buf, the %s%s,
+		(void) snprintf(buf, sizeof(buf), the %s%s,
 			   mtmp-minvis ? invisible  : ,
 			   mtmp-data-mname);
 	}
 	if (vb  mtmp-mnamelth) {
-		(void) strcat(buf,  called );
-		(void) strcat(buf, NAME(mtmp));
+		(void) strlcat(buf,  called , sizeof(buf));
+		(void) strlcat(buf, NAME(mtmp), sizeof(buf));
 	}
 	return (buf);
 }
@@ -342,7 +342,7 @@
 
 	if (!strncmp(bp, the , 4))
 		bp += 4;
-	(void) sprintf(buf, the %s %s, adj, bp);
+	(void) snprintf(buf, sizeof(buf), the %s %s, adj, bp);
 	return (buf);
 }
 
Index: src/games/hack/hack.objnam.c
diff -u src/games/hack/hack.objnam.c:1.7 src/games/hack/hack.objnam.c:1.7.14.1
--- src/games/hack/hack.objnam.c:1.7	Mon Jan 28 06:55:42 2008
+++ src/games/hack/hack.objnam.c	Mon Jun 29 23:22:24 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.objnam.c,v 1.7 2008/01/28 06:55:42 dholland 

CVS commit: [netbsd-5-0] src/games/hack

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Mon Jun 29 23:25:09 UTC 2009

Modified Files:
src/games/hack [netbsd-5-0]: hack.do_name.c hack.h hack.invent.c
hack.main.c hack.rip.c hack.topl.c hack.unix.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #844):
games/hack/hack.unix.c: revision 1.13
games/hack/hack.topl.c: revision 1.11
games/hack/hack.invent.c: revision 1.13
games/hack/hack.rip.c: revision 1.11
games/hack/hack.main.c: revision 1.13
games/hack/hack.h: revision 1.13 via patch
games/hack/hack.do_name.c: revision 1.10
Fix two serious string-handling bugs (one exploitable, one probably
exploitable) and also add proper checking/paranoia in several other
places.


To generate a diff of this commit:
cvs rdiff -u -r1.7.14.1 -r1.7.14.2 src/games/hack/hack.do_name.c
cvs rdiff -u -r1.10 -r1.10.42.1 src/games/hack/hack.h
cvs rdiff -u -r1.10.30.1 -r1.10.30.2 src/games/hack/hack.invent.c
cvs rdiff -u -r1.10.14.1 -r1.10.14.2 src/games/hack/hack.main.c
cvs rdiff -u -r1.8.14.1 -r1.8.14.2 src/games/hack/hack.rip.c \
src/games/hack/hack.topl.c
cvs rdiff -u -r1.9.42.1 -r1.9.42.2 src/games/hack/hack.unix.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/games/hack/hack.do_name.c
diff -u src/games/hack/hack.do_name.c:1.7.14.1 src/games/hack/hack.do_name.c:1.7.14.2
--- src/games/hack/hack.do_name.c:1.7.14.1	Mon Jun 29 23:22:24 2009
+++ src/games/hack/hack.do_name.c	Mon Jun 29 23:25:09 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.do_name.c,v 1.7.14.1 2009/06/29 23:22:24 snj Exp $	*/
+/*	$NetBSD: hack.do_name.c,v 1.7.14.2 2009/06/29 23:25:09 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,7 +63,7 @@
 
 #include sys/cdefs.h
 #ifndef lint
-__RCSID($NetBSD: hack.do_name.c,v 1.7.14.1 2009/06/29 23:22:24 snj Exp $);
+__RCSID($NetBSD: hack.do_name.c,v 1.7.14.2 2009/06/29 23:25:09 snj Exp $);
 #endif/* not lint */
 
 #include stdlib.h
@@ -285,7 +285,7 @@
 gn = ghostnames[rn2(SIZE(ghostnames))];
 if (!rn2(2))
 	(void)
-		strcpy((char *) mtmp-mextra, !rn2(5) ? plname : gn);
+		strlcpy((char *) mtmp-mextra, !rn2(5) ? plname : gn, mtmp-mxlth);
 			}
 			(void) snprintf(buf, sizeof(buf), %s's ghost, gn);
 		}

Index: src/games/hack/hack.h
diff -u src/games/hack/hack.h:1.10 src/games/hack/hack.h:1.10.42.1
--- src/games/hack/hack.h:1.10	Tue Jan 27 20:30:29 2004
+++ src/games/hack/hack.h	Mon Jun 29 23:25:09 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.h,v 1.10 2004/01/27 20:30:29 jsm Exp $	*/
+/*	$NetBSD: hack.h,v 1.10.42.1 2009/06/29 23:25:09 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -202,7 +202,7 @@
 extern char SAVEF[];
 extern char fut_geno[60]; /* idem */
 extern char genocided[60]; /* defined in Decl.c */
-extern char lock[];
+extern char lock[PL_NSIZ + 4];
 extern char mlarge[];
 extern char morc;
 extern char nul[];

Index: src/games/hack/hack.invent.c
diff -u src/games/hack/hack.invent.c:1.10.30.1 src/games/hack/hack.invent.c:1.10.30.2
--- src/games/hack/hack.invent.c:1.10.30.1	Mon Jun 29 23:22:24 2009
+++ src/games/hack/hack.invent.c	Mon Jun 29 23:25:09 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: hack.invent.c,v 1.10.30.1 2009/06/29 23:22:24 snj Exp $	*/
+/*	$NetBSD: hack.invent.c,v 1.10.30.2 2009/06/29 23:25:09 snj Exp $	*/
 
 /*
  * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -63,9 +63,10 @@
 
 #include sys/cdefs.h
 #ifndef lint
-__RCSID($NetBSD: hack.invent.c,v 1.10.30.1 2009/06/29 23:22:24 snj Exp $);
+__RCSID($NetBSD: hack.invent.c,v 1.10.30.2 2009/06/29 23:25:09 snj Exp $);
 #endif/* not lint */
 
+#include assert.h
 #include stdlib.h
 #include hack.h
 #include extern.h
@@ -578,7 +579,7 @@
 	charbuf[BUFSZ];
 	char   *ip;
 	charsym;
-	int oletct = 0, iletct = 0;
+	unsignedoletct = 0, iletct = 0;
 	boolean allflag = FALSE;
 	charolets[20], ilets[20];
 	int   (*ckfn)(struct obj *) =
@@ -609,6 +610,7 @@
 		if (invent)
 			ilets[iletct++] = 'a';
 		ilets[iletct] = 0;
+		assert(iletct  sizeof(ilets));
 	}
 	pline(What kinds of thing do you want to %s? [%s] ,
 	  word, ilets);
@@ -637,6 +639,7 @@
 olets[oletct++] = sym;
 olets[oletct] = 0;
 			}
+			assert(oletct  sizeof(olets));
 		} else
 			pline(You don't have any %c's., sym);
 	}
@@ -754,7 +757,7 @@
 {
 	struct obj *otmp;
 	charilet;
-	int ct = 0;
+	unsignedct = 0;
 	charany[BUFSZ];
 
 	morc = 0;		/* just to be sure */
@@ -777,6 +780,7 @@
 ilet = 'A';
 	}
 	any[ct] = 0;
+	assert(ct  sizeof(any));
 	cornline(2, any);
 }
 
@@ -786,7 +790,7 @@
 	/* Changed to one type only, so he doesnt have to type cr */
 	charc, ilet;
 	charstuff[BUFSZ];
-	int stct;
+