Fix possible remote DoS of a running hunt game, and prevent a possible

theoretical attack involving >= 1 billion ammo.
2009-06-28 18:59:37 +00:00 · 2009-06-28 18:59:37 +00:00 · 4c08f5f97e
commit 4c08f5f97e
parent fe55ad324c
1 changed files with 9 additions and 3 deletions
--- a/games/hunt/huntd/answer.c
+++ b/games/hunt/huntd/answer.c
@ -1,4 +1,4 @@
-/*	$NetBSD: answer.c,v 1.9 2008/01/28 03:23:29 dholland Exp $	*/
+/*	$NetBSD: answer.c,v 1.10 2009/06/28 18:59:37 dholland Exp $	*/
 /*
 * Copyright (c) 1983-2003, Regents of the University of California.
 * All rights reserved.
@ -32,7 +32,7 @@

 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: answer.c,v 1.9 2008/01/28 03:23:29 dholland Exp $");
+__RCSID("$NetBSD: answer.c,v 1.10 2009/06/28 18:59:37 dholland Exp $");
 #endif /* not lint */

 # include	<ctype.h>
@ -101,6 +101,12 @@ answer()
 	(void) read(newsock, (char *) &mode, sizeof mode);
 	mode = ntohl(mode);

+	/*
+	 * Ensure null termination.
+	 */
+	name[sizeof(name)-1] = '\0';
+	Ttyname[sizeof(Ttyname)-1] = '\0';
+
 	/*
 	 * Turn off blocking I/O, so a slow or dead terminal won't stop
 	 * the game.  All subsequent reads check how many bytes they read.
@ -317,7 +323,7 @@ stplayer(newpp, enter_status)
 	y = STAT_PLAY_ROW + 1 + (newpp - Player);
 	for (pp = Player; pp < End_player; pp++) {
 		if (pp != newpp) {
-			char	smallbuf[10];
+			char	smallbuf[16];

 			pp->p_ammo += NSHOTS;
 			newpp->p_ammo += NSHOTS;