This is the mail archive of the xconq7@sources.redhat.com mailing list for the Xconq project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: buffer overflow in unix.c (was Re: Various problem with xconq)

From: Hans Ronne <hronne at pp dot sbbs dot se>
To: Jim Kingdon <kingdon at panix dot com>
Cc: xconq7 at sources dot redhat dot com
Date: Sat, 2 Feb 2002 04:03:23 +0100
Subject: Re: buffer overflow in unix.c (was Re: Various problem with xconq)

>> >Last point, there is a major security issue in the parameter
>> >handeling. That was reported on bugtraq more than one year ago, and a
>> >patch were contributed a short while ago. See
>> >http://bugs.debian.org/80576 for more details.
>>
>> This patch seems straightforward. I will see to it that it goes into
>> the CVS sources.
>
>Ha!
>
>You were too slow, Hans ;-).
>
>I checked it in but the patch had missed one case - they forgot to add
>one for the ".".  So I corrected that in the version I checked in.

Great. One thing less for me to worry about. Maybe you could take a look at
the other gcc errors Martin got, too? Most of them were warnings for
uninitialized variables, just like this one.

Hans

P.S. I doubt thís uninitialzed variable was responsible for the
"ai-resign-to-early" syndrome, though. That particular bug is something I
fixed, at least partially, one year ago. The main problem was in big
see-all games, where the ai would see all the other units in the game (most
of them Independents of course) and be so intimidated that it would resign
after one turn. See my comments about Iceland and China in the code :-).

Hans Ronne

hronne@pp.sbbs.se

References:
- buffer overflow in unix.c (was Re: Various problem with xconq)
  - From: Jim Kingdon

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]