#! /bin/sh /usr/share/dpatch/dpatch-run
## 09_fix_-icshost_buffer_overflow.dpatch by Florian Ernst <florian@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Of minor importance, though, as there is probably no attack vector
## DP: See bug#343560

@DPATCH@
diff -urNad xboard-4.2.7~/backend.c xboard-4.2.7/backend.c
--- xboard-4.2.7~/backend.c	2003-11-28 10:37:36.000000000 +0100
+++ xboard-4.2.7/backend.c	2005-12-16 22:19:16.000000000 +0100
@@ -692,7 +692,7 @@
 		sprintf(buf, "Could not open comm port %s",  
 			appData.icsCommPort);
 	    } else {
-		sprintf(buf, "Could not connect to host %s, port %s",  
+		snprintf(buf, sizeof(buf), "Could not connect to host %s, port %s",  
 			appData.icsHost, appData.icsPort);
 	    }
 	    DisplayFatalError(buf, err, 1);
@@ -869,18 +869,18 @@
     } else if (*appData.gateway != NULLCHAR) {
 	if (*appData.remoteShell == NULLCHAR) {
 	    /* Use the rcmd protocol to run telnet program on a gateway host */
-	    sprintf(buf, "%s %s %s",
+	    snprintf(buf, sizeof(buf), "%s %s %s",
 		    appData.telnetProgram, appData.icsHost, appData.icsPort);
 	    return OpenRcmd(appData.gateway, appData.remoteUser, buf, &icsPR);
 
 	} else {
 	    /* Use the rsh program to run telnet program on a gateway host */
 	    if (*appData.remoteUser == NULLCHAR) {
-		sprintf(buf, "%s %s %s %s %s", appData.remoteShell,
+		snprintf(buf, sizeof(buf), "%s %s %s %s %s", appData.remoteShell,
 			appData.gateway, appData.telnetProgram,
 			appData.icsHost, appData.icsPort);
 	    } else {
-		sprintf(buf, "%s %s -l %s %s %s %s",
+		snprintf(buf, sizeof(buf), "%s %s -l %s %s %s %s",
 			appData.remoteShell, appData.gateway, 
 			appData.remoteUser, appData.telnetProgram,
 			appData.icsHost, appData.icsPort);
@@ -1684,7 +1684,7 @@
 
 	    if (loggedOn && !have_set_title && ics_handle[0] != NULLCHAR) {
 	      char buf[MSG_SIZ];
-	      sprintf(buf, "%s@%s", ics_handle, appData.icsHost);
+	      snprintf(buf, sizeof(buf), "%s@%s", ics_handle, appData.icsHost);
 	      DisplayIcsInteractionTitle(buf);
 	      have_set_title = TRUE;
 	    }
@@ -4882,7 +4882,7 @@
       SendToProgram(buf, cps);
     }
     if (cps->sendICS) {
-      sprintf(buf, "ics %s\n", appData.icsActive ? appData.icsHost : "-");
+      snprintf(buf, sizeof(buf), "ics %s\n", appData.icsActive ? appData.icsHost : "-");
       SendToProgram(buf, cps);
     }
     cps->maybeThinking = FALSE;
diff -urNad xboard-4.2.7~/xboard.c xboard-4.2.7/xboard.c
--- xboard-4.2.7~/xboard.c	2003-11-19 09:42:18.000000000 +0100
+++ xboard-4.2.7/xboard.c	2005-12-16 22:19:16.000000000 +0100
@@ -6734,8 +6734,8 @@
 	strcpy(icon, text);
 	strcpy(title, text);
     } else if (appData.icsActive) {
-	sprintf(icon, "%s", appData.icsHost);
-	sprintf(title, "%s: %s", programName, appData.icsHost);
+	snprintf(icon, sizeof(icon), "%s", appData.icsHost);
+	snprintf(title, sizeof(title), "%s: %s", programName, appData.icsHost);
     } else if (appData.cmailGameName[0] != NULLCHAR) {
 	sprintf(icon, "%s", "CMail");
 	sprintf(title, "%s: %s", programName, "CMail");
@@ -6804,7 +6804,7 @@
     } else {
 	fprintf(stderr, "%s: %s: %s\n",
 		programName, message, strerror(error));
-	sprintf(buf, "%s: %s", message, strerror(error));
+	snprintf(buf, sizeof(buf), "%s: %s", message, strerror(error));
 	message = buf;
     }
     if (appData.popupExitMessage && boardWidget && XtIsRealized(boardWidget)) {
@@ -7488,9 +7488,9 @@
     char cmdLine[MSG_SIZ];
 
     if (port[0] == NULLCHAR) {
-	sprintf(cmdLine, "%s %s", appData.telnetProgram, host);
+	snprintf(cmdLine, sizeof(cmdLine), "%s %s", appData.telnetProgram, host);
     } else {
-	sprintf(cmdLine, "%s %s %s", appData.telnetProgram, host, port);
+	snprintf(cmdLine, sizeof(cmdLine), "%s %s %s", appData.telnetProgram, host, port);
     }
     return StartChildProcess(cmdLine, "", pr);
 }