authorMike Frysinger <vapier@gentoo.org>2006-06-10 12:49:56 +0000
committerMike Frysinger <vapier@gentoo.org>2006-06-10 12:49:56 +0000
commit7f739a4c67f36ec87f3189706154e2c452f36527 (patch)
tree3b146fea6e80d75352cff26eafe7e98284cb7722 /games-action/0verkill/files
parentMove /lib/cpp creation to pkg_postinst (bug #135862) (diff)
Fix remote crash #136222.
Package-Manager: portage-2.1
Diffstat (limited to 'games-action/0verkill/files')
-rw-r--r--games-action/0verkill/files/0verkill-0.16-underflow-check.patch17
-rw-r--r--games-action/0verkill/files/digest-0verkill-0.16-r31
2 files changed, 18 insertions, 0 deletions
diff --git a/games-action/0verkill/files/0verkill-0.16-underflow-check.patch b/games-action/0verkill/files/0verkill-0.16-underflow-check.patch
new file mode 100644
index 000000000000..d0af396deafd
--- /dev/null
+++ b/games-action/0verkill/files/0verkill-0.16-underflow-check.patch
@@ -0,0 +1,17 @@
+The vulnerability is cause due to an integer underflow error in "recv_packet()"
+within the handling of a received UDP packet. This can be exploited to cause
+out-of-bounds memory access which crashes the server process via a UDP packet
+that is smaller than 12 bytes in size.
+
+http://bugs.gentoo.org/136222
+
+--- 0verkill-0.16/net.c
++++ 0verkill-0.16/net.c
+@@ -84,6 +84,7 @@
+ p=mem_alloc(max_len+12);
+ if (!p)return -1; /* not enough memory */
+ retval=recvfrom(fd,p,max_len+12,0,addr,addr_len);
++ if (retval<12)return -1; /* not enough data from network */
+ memcpy(packet,p+12,max_len);
+ crc=p[0]+(p[1]<<8)+(p[2]<<16)+(p[3]<<24);
+ s=p[4]+(p[5]<<8)+(p[6]<<16)+(p[7]<<24);
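Review bot: The new early return `if (retval<12)return -1;` exits without releasing `p`, which was obtained from `mem_alloc(max_len+12)` two lines earlier. Every undersized or failed datagram would then leak one buffer, so the remote crash becomes a remotely driven memory-growth problem. Release the buffer on that path with the routine that pairs with `mem_alloc` (presumably `mem_free`; confirm against the project), e.g. `if (retval<12){mem_free(p);return -1;} /* not enough data from network */`. Separately, the following `memcpy(packet,p+12,max_len)` still copies `max_len` bytes regardless of how many arrived, so a datagram of 12 or more bytes that is shorter than `max_len+12` copies uninitialised heap bytes into `packet`; bounding the copy by `retval-12` would avoid that. The rest of recv_packet() lies outside this hunk, so how the later code uses the received length and where `p` is normally freed should be checked there.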
diff --git a/games-action/0verkill/files/digest-0verkill-0.16-r3 b/games-action/0verkill/files/digest-0verkill-0.16-r3
new file mode 100644
index 000000000000..d7375b8806ba
--- /dev/null
+++ b/games-action/0verkill/files/digest-0verkill-0.16-r3
@@ -0,0 +1 @@
+MD5 814097fc21a82723a40ec8ae5dd792a7 0verkill-0.16.tgz 276579