]> granicus.if.org Git - nethack/commit
projects / nethack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6c1d287) | patch
nethack -s buffer overflow fix
authorcohrs <cohrs>
Mon, 10 Feb 2003 19:01:58 +0000 (19:01 +0000)
committercohrs <cohrs>
Mon, 10 Feb 2003 19:01:58 +0000 (19:01 +0000)
commit8930e5b4426a66a081153c6b5a08fe77143d64f7
tree8bffd438a267d29f974435212164f6757c521b28tree | snapshot
parent6c1d28753c016c00cfb92e214447a3e9cf8a7c0acommit | diff
nethack -s buffer overflow fix
When printing invalid player names in -s mode, it was possible to overflow
the output buffer due to a missing buffer size check.  On shared Unix-like
systems with executable stacks, this could be used as a security exploit,
eg to obtain a shell running as user or group games.
While I was at it, removed a dead block of "#if 0" code
doc/fixes34.1 diff | blob | history
src/topten.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.