From: Artur Byszko <bajkero@security.hack.pl>
Date: Wed, 13 Aug 2003 01:33:02 +0000 (+0000)
Subject: fix buffer overflow vulnerability in NetGenFunc
X-Git-Tag: v0.52~1
X-Git-Url: http://git.shiar.nl/netris.git/commitdiff_plain/c10d1dbf9b8a08c22c5aae88fb92f9a282fe1120?ds=sidebyside

fix buffer overflow vulnerability in NetGenFunc
---

diff --git a/README b/README
index 9420e20..9b1886a 100644
--- a/README
+++ b/README
@@ -51,6 +51,12 @@ how it goes, and send me diffs if needed!
 See the FAQ in this directory if you have any problems.
 
 
+FIXED IN VERSION 0.52
+=====================
+Fixed a buffer overflow vulnerability discovered by
+Artur Byszko / bajkero <bajkero@security.hack.pl>
+
+
 NEW IN VERSION 0.5
 ==================
 Netris now specifically looks for ncurses and uses color if it's
diff --git a/inet.c b/inet.c
index dbfe748..a8d9a9d 100644
--- a/inet.c
+++ b/inet.c
@@ -151,6 +151,9 @@ static MyEventType NetGenFunc(EventGenRec *gen, MyEvent *event)
 	memcpy(data, netBuf, sizeof(data));
 	type = ntoh2(data[0]);
 	size = ntoh2(data[1]);
+	if (size >= sizeof(netBuf))
+		fatal("Received an invalid packet (too large), possibly an attempt\n"
+			  "  to exploit a vulnerability in versions before 0.52 !");
 	netBufGoal = size;
 	if (netBufSize < netBufGoal)
 		return E_none;