author | Mike Frysinger <vapier@gentoo.org> | 2005-07-14 02:24:00 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-07-14 02:24:00 +0000 |
commit | 80843826bc7badcc6add9f34832437c14660fbbc (patch) | |
tree | a08108873ab6db3f699b068c18062d9922f0890a /games-strategy/netpanzer | |
parent | fix building with newer flex (diff) | |
Fix DoS in server #98922 by Stefan Cornelius.
Package-Manager: portage-2.0.51.22-r1
Diffstat (limited to 'games-strategy/netpanzer')
-rw-r--r-- | games-strategy/netpanzer/ChangeLog | 9 | ||||
-rw-r--r-- | games-strategy/netpanzer/Manifest | 12 | ||||
-rw-r--r-- | games-strategy/netpanzer/files/digest-netpanzer-0.8-r1 | 2 | ||||
-rw-r--r-- | games-strategy/netpanzer/files/netpanzer-0.8-min-size-check.patch | 33 | ||||
-rw-r--r-- | games-strategy/netpanzer/files/netpanzer-0.8-robust.patch | 205 | ||||
-rw-r--r-- | games-strategy/netpanzer/netpanzer-0.8-r1.ebuild | 68 |
6 files changed, 324 insertions, 5 deletions
diff --git a/games-strategy/netpanzer/ChangeLog b/games-strategy/netpanzer/ChangeLog index e2164b07b8cc..b0f81c77d120 100644 --- a/games-strategy/netpanzer/ChangeLog +++ b/games-strategy/netpanzer/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for games-strategy/netpanzer # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/games-strategy/netpanzer/ChangeLog,v 1.18 2005/07/01 17:50:00 fmccor Exp $ +# $Header: /var/cvsroot/gentoo-x86/games-strategy/netpanzer/ChangeLog,v 1.19 2005/07/14 02:24:00 vapier Exp $ + +*netpanzer-0.8-r1 (14 Jul 2005) + + 14 Jul 2005; Mike Frysinger <vapier@gentoo.org> + +files/netpanzer-0.8-min-size-check.patch, + +files/netpanzer-0.8-robust.patch, +netpanzer-0.8-r1.ebuild: + Fix DoS in server #98922 by Stefan Cornelius. 01 Jul 2005; Ferris McCormick <fmccor@gentoo.org> netpanzer-0.8.ebuild: Add ~sparc keyword --- Users report success running it, and it does build diff --git a/games-strategy/netpanzer/Manifest b/games-strategy/netpanzer/Manifest index 590c8d119d6f..e98144904952 100644 --- a/games-strategy/netpanzer/Manifest +++ b/games-strategy/netpanzer/Manifest 
@@ -3,16 +3,20 @@ Hash: SHA1 MD5 00d7302016b989bd8a8f1cca48f6967b netpanzer-0.8.ebuild 1957 MD5 f17b9b8fa07a38914fe1c03268f51678 metadata.xml 158 -MD5 71d2fec96bd64587155b6b7f64e93cad ChangeLog 3184 +MD5 c1d25b73c6d0c16bad58ceaf594297e8 netpanzer-0.8-r1.ebuild 2020 +MD5 0b214dc61d9bf3a083226965821d8bf2 ChangeLog 3424 MD5 a254cf85014dab1f14a620fc3549355f files/netpanzer.rc 891 +MD5 616b3d065523e34fd3e0d5d8ada5d053 files/netpanzer-0.8-min-size-check.patch 1385 MD5 52b3f20dca70a177cc63da9903b5f5fb files/physfs.patch 553 +MD5 b31fb3b6d8c97b5f87ef8a825a60db2e files/digest-netpanzer-0.8-r1 139 MD5 31c24932718cd34666bf4e1b800772fb files/netpanzer-ded.ini 1261 MD5 b31fb3b6d8c97b5f87ef8a825a60db2e files/digest-netpanzer-0.8 139 +MD5 c40c9070d28732d4ca56e37277e5807f files/netpanzer-0.8-robust.patch 8203 MD5 e45870d0456ec36ed692b70fada22bb5 files/netpanzer-ded 353 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) -iD8DBQFC1cTPgIKl8Uu19MoRAiU3AJ9PFTETGiG3BwdaVcCXryrQdUzrWQCfeaBn -jyISBs7516GdtpeAnwRghj8= -=hBAi +iD8DBQFC1c0VgIKl8Uu19MoRAs5aAJ9x+GAuyC9QE8aLr6TUxxuQV2IzGQCePQIQ +uSAgwmU1x3Xj/f02Yx5nnsQ= +=8myL -----END PGP SIGNATURE----- diff --git a/games-strategy/netpanzer/files/digest-netpanzer-0.8-r1 b/games-strategy/netpanzer/files/digest-netpanzer-0.8-r1 new file mode 100644 index 000000000000..1f7f2a2367ef --- /dev/null +++ b/games-strategy/netpanzer/files/digest-netpanzer-0.8-r1 @@ -0,0 +1,2 @@ +MD5 c08c1b703eac533407db02510deca68e netpanzer-0.8.tar.bz2 382007 +MD5 d2dbd5a6c38a181fa3b6aa9a68c81d2f netpanzer-data-0.8.tar.bz2 10123751 diff --git a/games-strategy/netpanzer/files/netpanzer-0.8-min-size-check.patch b/games-strategy/netpanzer/files/netpanzer-0.8-min-size-check.patch new file mode 100644 index 000000000000..dc97ffcf4a7c --- /dev/null +++ b/games-strategy/netpanzer/files/netpanzer-0.8-min-size-check.patch 
@@ -0,0 +1,33 @@ +The size needs to be at least 2 or the code gets hung up. + +http://bugs.gentoo.org/98922 + +--- src/NetPanzer/Network/ServerSocket.cpp ++++ src/NetPanzer/Network/ServerSocket.cpp +@@ -169,7 +169,7 @@ + + size = htol16(*((int16_t*) tempbuffer)); + +- if ( (size < 0) || (size > _MAX_NET_PACKET_SIZE) ) { ++ if ( (size < 2) || (size > _MAX_NET_PACKET_SIZE) ) { + LOG( ("OnReadStreamServer : Invalid Packet Size %d", size) ); + recvoffset = 0; + client->headerincomplete = false; +@@ -224,7 +224,7 @@ + + size = htol16(*((int16_t*) tempbuffer)); + +- if ( (size < 0) || (size > _MAX_NET_PACKET_SIZE) ) { ++ if ( (size < 2) || (size > _MAX_NET_PACKET_SIZE) ) { + LOG( ("OnReadStreamServer : Invalid Packet Size %d", size) ); + recvoffset = 0; + client->messageincomplete = false; +@@ -266,7 +266,7 @@ + } else if (recvsize >= 2) { + size = htol16(*((int16_t*) (recvbuffer + recvoffset))); + +- if( (size < 0) || (size > _MAX_NET_PACKET_SIZE) ) { ++ if( (size < 2) || (size > _MAX_NET_PACKET_SIZE) ) { + LOG( ("OnReadStreamServer : Invalid Packet Size %d", size) ); + recvoffset = 0; + client->tempoffset = 0; diff --git a/games-strategy/netpanzer/files/netpanzer-0.8-robust.patch b/games-strategy/netpanzer/files/netpanzer-0.8-robust.patch new file mode 100644 index 000000000000..d0e138e7f687 --- /dev/null +++ b/games-strategy/netpanzer/files/netpanzer-0.8-robust.patch 
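Review bot: The new lower bound `size < 2` in all three ServerSocket.cpp sections only guarantees that a packet covers its own 16-bit length field, so a size of 2 is still accepted as a packet with no payload behind the length. If the packet header is larger than two bytes (its layout is not visible in this patch), the checks should compare against the header size instead, in the form `if ( (size < MIN_PACKET_SIZE) || (size > _MAX_NET_PACKET_SIZE) ) {`, where `MIN_PACKET_SIZE` is a placeholder for whatever the header size turns out to be. Naming the constant once would also replace the literal `2` repeated three times, and a comment such as `// a packet must at least contain its own length field` would record why the bound exists. The enclosing function starts and ends outside the patch context.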
@@ -0,0 +1,205 @@ +A few more sanity checks from upstream svn. + +Index: src/NetPanzer/Interfaces/ChatInterface.cpp +=================================================================== +--- src/NetPanzer/Interfaces/ChatInterface.cpp (revision 928) ++++ src/NetPanzer/Interfaces/ChatInterface.cpp (revision 929) +@@ -39,9 +39,16 @@ + ChatMesg chat_mesg; + const ChatMesgRequest* chat_request = (const ChatMesgRequest*) message; + ++ if(chat_request->getSourcePlayerIndex() >= PlayerInterface::getMaxPlayers()) ++ { ++ LOGGER.warning("Invalid chatMessageRequest"); ++ return; ++ } ++ + chat_mesg.setSourcePlayerIndex(chat_request->getSourcePlayerIndex()); + chat_mesg.message_scope = chat_request->message_scope; +- strcpy( chat_mesg.message_text, chat_request->message_text ); ++ snprintf(chat_mesg.message_text, sizeof(chat_mesg.message_text), "%s", ++ chat_request->message_text); + + if( chat_request->message_scope == _chat_mesg_scope_all ) { + SERVER->sendMessage(&chat_mesg, sizeof(ChatMesg)); +@@ -126,6 +133,11 @@ + unsigned short local_player_index; + const ChatMesg *chat_mesg = (const ChatMesg*) message; + ++ if(chat_mesg->getSourcePlayerIndex() >= PlayerInterface::getMaxPlayers()) { ++ LOGGER.warning("malformed chatmessage packet."); ++ return; ++ } ++ + if( chat_mesg->message_scope == _chat_mesg_scope_server ) { + ConsoleInterface::postMessage("Server: %s", chat_mesg->message_text ); + return; +Index: src/NetPanzer/Interfaces/GameManager.cpp +=================================================================== +--- src/NetPanzer/Interfaces/GameManager.cpp (revision 928) ++++ src/NetPanzer/Interfaces/GameManager.cpp (revision 929) +@@ -411,6 +411,11 @@ + = (const SystemConnectAlert*) message; + PlayerState *player_state = 0; + ++ if(connect_alert->getPlayerID() >= PlayerInterface::getMaxPlayers()) { ++ LOGGER.warning("Malformed connect alert message."); ++ return; ++ } ++ + player_state = PlayerInterface::getPlayerState( connect_alert->getPlayerID() ); + + switch 
(connect_alert->alert_enum) { +@@ -471,6 +476,11 @@ + const SystemPingRequest *ping_request + = (const SystemPingRequest*) message; + ++ if(ping_request->getClientPlayerIndex() >= PlayerInterface::getMaxPlayers()) { ++ LOGGER.warning("Invalid pingRequest message"); ++ return; ++ } ++ + player_id = PlayerInterface::getPlayerID( ping_request->getClientPlayerIndex() ); + + SystemPingAcknowledge ping_ack; +Index: src/NetPanzer/Interfaces/PlayerInterface.cpp +=================================================================== +--- src/NetPanzer/Interfaces/PlayerInterface.cpp (revision 928) ++++ src/NetPanzer/Interfaces/PlayerInterface.cpp (revision 929) +@@ -25,6 +25,7 @@ + #include "PlayerNetMessage.hpp" + #include "Server.hpp" + #include "NetworkServer.hpp" ++#include "Util/Log.hpp" + + #include "ConsoleInterface.hpp" + // for UNIT_FLAGS_SURFACE +@@ -410,6 +411,10 @@ + = (const PlayerConnectID *) message; + + local_player_index = connect_mesg->connect_state.getPlayerIndex(); ++ if(local_player_index >= max_players) { ++ LOGGER.warning("Invalide netMessageConnectID Message"); ++ return; ++ } + + SDL_mutexP(mutex); + player_lists[local_player_index].setFromNetworkPlayerState +@@ -423,6 +428,12 @@ + const PlayerStateSync *sync_mesg + = (const PlayerStateSync *) message; + uint16_t player_index = sync_mesg->player_state.getPlayerIndex(); ++ ++ if(player_index >= max_players) { ++ LOGGER.warning("Malformed MessageSyncState message"); ++ return; ++ } ++ + SDL_mutexP(mutex); + player_lists[player_index].setFromNetworkPlayerState(&sync_mesg->player_state); + forceUniquePlayerFlags(); +@@ -475,6 +486,14 @@ + const PlayerScoreUpdate* score_update + = (const PlayerScoreUpdate *) message; + ++ if(score_update->getKillByPlayerIndex() >= PlayerInterface::getMaxPlayers() ++ || score_update->getKillOnPlayerIndex() ++ >= PlayerInterface::getMaxPlayers()) ++ { ++ LOGGER.warning("Malformed scrore update packet."); ++ return; ++ } ++ + PlayerState* player1 = 
getPlayer(score_update->getKillByPlayerIndex()); + PlayerState* player2 = getPlayer(score_update->getKillOnPlayerIndex()); + setKill(player1, player2, (UnitType) score_update->unit_type ); +@@ -487,6 +506,12 @@ + const PlayerAllianceRequest *allie_request + = (const PlayerAllianceRequest *) message; + ++ if(allie_request->getAllieByPlayerIndex() >= max_players ++ || allie_request->getAllieWithPlayerIndex() >= max_players) { ++ LOGGER.warning("Invalid alliance request message"); ++ return; ++ } ++ + SDL_mutexP(mutex); + if ( allie_request->alliance_request_type == _player_make_alliance ) { + setAlliance( +@@ -541,6 +566,12 @@ + const PlayerAllianceUpdate* allie_update + = (const PlayerAllianceUpdate *) message; + ++ if(allie_update->getAllieByPlayerIndex() >= max_players ++ || allie_update->getAllieWithPlayerIndex() >= max_players) { ++ LOGGER.warning("Invalid alliance update message"); ++ return; ++ } ++ + SDL_mutexP(mutex); + if (allie_update->alliance_update_type == _player_make_alliance) { + setAlliance( +Index: src/NetPanzer/Interfaces/InfoThread.cpp +=================================================================== +--- src/NetPanzer/Interfaces/InfoThread.cpp (revision 928) ++++ src/NetPanzer/Interfaces/InfoThread.cpp (revision 929) +@@ -174,15 +174,20 @@ + InfoThread::sendPlayers(std::stringstream& out) + { + ObjectiveInterface::updatePlayerObjectiveCounts(); +- for(int i = 0; i < PlayerInterface::countPlayers(); ++i) { ++ int n = 0; ++ for(int i = 0; i < PlayerInterface::getMaxPlayers(); ++i) { + PlayerState* playerState = PlayerInterface::getPlayerState(i); +- out << "player_" << i << "\\" << playerState->getName() << "\\" +- << "kills_" << i << "\\" << playerState->getKills() << "\\" +- << "deaths_" << i << "\\" << playerState->getLosses() << "\\" +- << "score_" << i << "\\" ++ if(playerState->getStatus() != _player_state_active) ++ continue; ++ ++ out << "player_" << n << "\\" << playerState->getName() << "\\" ++ << "kills_" << n << "\\" << 
playerState->getKills() << "\\" ++ << "deaths_" << n << "\\" << playerState->getLosses() << "\\" ++ << "score_" << n << "\\" + << playerState->getObjectivesHeld() << "\\" +- << "flag_" << i << "\\" ++ << "flag_" << n << "\\" + << (int) playerState->getFlag() << "\\"; ++ n++; + } + // TODO add team/alliance info + } +Index: src/NetPanzer/Classes/Network/NetMessageDecoder.cpp +=================================================================== +--- src/NetPanzer/Classes/Network/NetMessageDecoder.cpp (revision 928) ++++ src/NetPanzer/Classes/Network/NetMessageDecoder.cpp (revision 929) +@@ -57,6 +57,12 @@ + return false; + + *message = (NetMessage *) (decode_message.data + decode_message_index); ++ if( (*message)->getSize() > ++ decode_message.getSize() - decode_message.getHeaderSize() - ++ decode_message_index) { ++ LOGGER.warning("Malformed Multimessage!"); ++ return false; ++ } + decode_message_index += (*message)->getSize(); + decode_current_count++; + +Index: src/NetPanzer/Classes/Objective.cpp +=================================================================== +--- src/NetPanzer/Classes/Objective.cpp (revision 928) ++++ src/NetPanzer/Classes/Objective.cpp (revision 929) +@@ -69,6 +69,11 @@ + { + const SyncObjective *sync_mesg = (const SyncObjective*) message; + ++ if(sync_mesg->getOccupyingPlayerID() >= PlayerInterface::getMaxPlayers()) { ++ LOGGER.warning("Malformed ObjectvieMesgSync"); ++ return; ++ } ++ + objective_state.objective_status = sync_mesg->objective_status; + objective_state.occupation_status = sync_mesg->occupation_status; + if(objective_state.occupation_status != _occupation_status_unoccupied) { diff --git a/games-strategy/netpanzer/netpanzer-0.8-r1.ebuild b/games-strategy/netpanzer/netpanzer-0.8-r1.ebuild new file mode 100644 index 000000000000..a8a716d21e68 --- /dev/null +++ b/games-strategy/netpanzer/netpanzer-0.8-r1.ebuild 
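Review bot: The `snprintf(chat_mesg.message_text, sizeof(chat_mesg.message_text), "%s", chat_request->message_text)` that replaces `strcpy` in the first ChatInterface.cpp section bounds the write, but `%s` still reads the source until it finds a NUL, so a request whose text is not terminated is read past the end of the received data. Nothing visible in the patch guarantees termination; bounding the read as well would close that, e.g. `"%.*s", (int) sizeof(chat_request->message_text), chat_request->message_text` (assuming `message_text` is an array member). The same text reaches `ConsoleInterface::postMessage("Server: %s", chat_mesg->message_text )` in the second section. Separately, the new NetMessageDecoder.cpp check puts no lower bound on `(*message)->getSize()`, and its right-hand subtraction would wrap if those values are unsigned and the index is already past the payload; that needs confirming against the declarations. The handler bodies start and end outside the patch context.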
@@ -0,0 +1,68 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/games-strategy/netpanzer/netpanzer-0.8-r1.ebuild,v 1.1 2005/07/14 02:24:00 vapier Exp $ + +inherit eutils games + +DATAVERSION="0.8" +DESCRIPTION="Fast-action multiplayer strategic network game" +HOMEPAGE="http://netpanzer.berlios.de/" +SRC_URI="http://download.berlios.de/netpanzer/netpanzer-${PV}.tar.bz2 + http://download.berlios.de/netpanzer/netpanzer-data-${DATAVERSION}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ppc ~sparc x86" +IUSE="dedicated" + +RDEPEND="dedicated? ( app-misc/screen ) + >=media-libs/libsdl-1.2.5 + >=media-libs/sdl-mixer-1.2.4 + >=media-libs/sdl-image-1.2.3 + >=dev-games/physfs-0.1.9" +DEPEND="${RDEPEND} + >=dev-util/jam-2.5" + +src_unpack() { + unpack ${A} + cd "${S}" +# epatch "${FILESDIR}"/${P}-min-size-check.patch +# epatch "${FILESDIR}"/${P}-robust.patch +} + +src_compile() { + egamesconf || die + jam -q || die "jam failed" + + einfo "Working in ${WORKDIR}/${PN}-data-${DATAVERSION}/" + cd "${WORKDIR}"/${PN}-data-${DATAVERSION} + egamesconf || die + jam -q || die "jam failed (on data package)" +} + +src_install() { + jam -sDESTDIR="${D}" -sappdocdir=/usr/share/doc/${PF} install || die "jam install failed" + + cd "${WORKDIR}"/${PN}-data-${DATAVERSION}/ + jam -sDESTDIR="${D}" -sappdocdir=/usr/share/doc/${PF} install || die "jam install failed (data package)" + + if use dedicated ; then + newinitd "${FILESDIR}/netpanzer.rc" netpanzer || die "newinitd failed" + sed -i \ + -e "s:GAMES_USER_DED:${GAMES_USER_DED}:" \ + -e "s:GENTOO_DIR:${GAMES_BINDIR}:" \ + "${D}/etc/init.d/netpanzer" \ + || die "sed failed" + + insinto /etc + doins "${FILESDIR}/netpanzer-ded.ini" || die "doins failed" + exeinto "${GAMES_BINDIR}" + doexe "${FILESDIR}/netpanzer-ded" || die "doexe failed" + sed -i \ + -e "s:GENTOO_DIR:${GAMES_BINDIR}:" \ + "${D}${GAMES_BINDIR}/netpanzer-ded" \ + || die "sed 
failed" + fi + make_desktop_entry netpanzer NetPanzer netpanzer.png + prepgamesdirs +} |
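Review bot: Both `epatch` calls in `src_unpack` are commented out (`# epatch "${FILESDIR}"/${P}-min-size-check.patch` and `# epatch "${FILESDIR}"/${P}-robust.patch`), so netpanzer-0.8-r1 builds the same unpatched sources as 0.8. The commit message and ChangeLog nevertheless say the server DoS from bug #98922 is fixed, and users who upgrade to -r1 would reasonably assume they are protected. Unless the patches are being staged deliberately, the two lines should be active: `epatch "${FILESDIR}"/${P}-min-size-check.patch` and `epatch "${FILESDIR}"/${P}-robust.patch`. If they are disabled on purpose, a comment in `src_unpack` and a ChangeLog line saying so would keep the revision from being read as the fix.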