[Pkg-freeciv-devel] Bug#355211: freeciv-server: security hole
Jason Dorje Short
jdorje at users.sf.net
Sat Mar 4 02:29:40 UTC 2006
Package: freeciv-server
Version: 2.0.7-2
Severity: important
Jordi -
There is a security hole in Freeciv 2.0 allowing a remote user to trigger a
server crash (it is unlikely anything more than a crashed civserver would
result from the hole). This patch (which will be included in the upcoming
2.0.8 release) will fix it; I recommend you upload it and/or get ready for
2.0.8 in a couple of days.
Index: common/packets.c
===================================================================
--- common/packets.c (revision 11709)
+++ common/packets.c (working copy)
@@ -362,13 +362,13 @@
}
#endif
- if (whole_packet_len > pc->buffer->ndata) {
+ if ((unsigned)whole_packet_len > pc->buffer->ndata) {
return NULL; /* not all data has been read */
}
#ifdef USE_COMPRESSION
if (compressed_packet) {
- int compressed_size = whole_packet_len - header_size;
+ uLong compressed_size = whole_packet_len - header_size;
/*
* We don't know the decompressed size. We assume a bad case
* here: an expansion by an factor of 100.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages freeciv-server depends on:
ii freeciv-data 2.0.7-2 Civilization turn based strategy g
ii libc6 2.3.6-2 GNU C Library: Shared libraries an
ii libreadline5 5.1-6 GNU readline and history libraries
ii zlib1g 1:1.2.3-9 compression library - runtime
freeciv-server recommends no packages.
-- no debconf information
More information about the Pkg-freeciv-devel
mailing list