games-board/gnuchess: CVE-2021-30184

Bug: https://bugs.gentoo.org/780855
Signed-off-by: Sebastian Pipping <[email protected]>
Package-Manager: Portage-3.0.19, Repoman-3.0.3

games-board/gnuchess/files/gnuchess-6.2.8-cve-2021-30184.patch

@@ -0,0 +1,72 @@
+From 7059e40c7a487b17886e1d345b52fc0cfca8df72 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <[email protected]>
+Date: Wed, 2 Jun 2021 13:15:29 +0200
+Subject: [PATCH] frontend/cmd.cc: Fix buffer overflow CVE-2021-30184
+
+Based on prior work by Michael Vaughan,
+with "break;" replaced by "return;" and
+magic number 9 resolved by strlen("setboard ").
+
+Mimics close-to-identical existing code from
+elsewhere in the the same file.
+---
+ src/frontend/cmd.cc | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/frontend/cmd.cc b/src/frontend/cmd.cc
+index a321fc2..394d03f 100644
+--- a/src/frontend/cmd.cc
++++ b/src/frontend/cmd.cc
+@@ -477,13 +477,20 @@ void cmd_pgnload(void)
+     return;
+   }
+
+-  strcpy( data, "setboard " );
++  const char setboardCmd[] = "setboard ";
++  unsigned int setboardLen = strlen(setboardCmd);
++  strcpy( data, setboardCmd );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
++    if (i + setboardLen < MAXSTR - 1) {
++      data[i+setboardLen] = epdline[i];
++      ++i;
++    } else {
++      printf( _("Error reading contents of file '%s'.\n"), token[1] );
++      return;
++    }
+   }
+-  data[i+9] = '\0';
++  data[i+setboardLen] = '\0';
+   SetDataToEngine( data );
+   SetAutoGo( true );
+   pgnloaded = 0;
+@@ -501,13 +508,20 @@ void cmd_pgnreplay(void)
+     return;
+   }
+
+-  strcpy( data, "setboard " );
++  const char setboardCmd[] = "setboard ";
++  unsigned int setboardLen = strlen(setboardCmd);
++  strcpy( data, setboardCmd );
+   int i=0;
+   while ( epdline[i] != '\n' ) {
+-    data[i+9] = epdline[i];
+-    ++i;
++    if (i + setboardLen < MAXSTR - 1) {
++      data[i+setboardLen] = epdline[i];
++      ++i;
++    } else {
++      printf( _("Error reading contents of file '%s'.\n"), token[1] );
++      return;
++    }
+   }
+-  data[i+9] = '\0';
++  data[i+setboardLen] = '\0';
+
+   SetDataToEngine( data );
+   SetAutoGo( true );
+-- 
+2.31.1
+

games-board/gnuchess/gnuchess-6.2.8-r1.ebuild

@@ -0,0 +1,21 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Console based chess interface"
+HOMEPAGE="https://www.gnu.org/software/chess/chess.html"
+SRC_URI="mirror://gnu/chess/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-cve-2021-30184.patch  # bug 780855
+)
+
+src_configure() {
+	# bug #491088
+	econf --without-readline
+}