Reduce the amount of stack space needed for the new local variables in
readentry() by about half, from 3.5K to a bit over 1.75K. Also, reorganize
writeentry(), mostly hiding NO_SCAN_BRACK handling from the actual output.

Guard against buffer overflows when reading in score entries, in case
`record' has become corrupted or been maliciously modified. This addresses
the part of "#Q101: Security bug in nethack 3.4.3" that we have control
over. A Gentoo bug tracking discussion pointed out to us by <email deleted>, describes how that particular Linux
distribution makes users be members of the games group, allowing them to
modify files in nethack's playground directory when it has been set up in
the usual ``setgid games'' manner, thus making score processing in that
environment be vulnerable to buffer overrun exploits.
Provide a common routine that always does the right
thing with respect to timers and weight when altering
obj->corpsenm, and use it throughout the code.

Introduce a new set of functions to manage delayed killers in the trunk, used
in addressing the various reports of delayed killer confusion. Since existing
delayed killers are related to player properties, the delayed killers are
keyed by uprop indexes. I did this to avoid adding yet another set of
similar identifiers.
- the new delayed_killer() is used for stoning, sliming, sickness, and
delayed self-genocide while polymorphed. Some other timed events don't
use it (and didn't use the old delayed_killer variable) because they
use a fixed message when the timeout occurs.
- A new data structure, struct kinfo, is used to track both delayed and
immediate killers. This encapsulates all the info involved with
identifying a killer. The structure contains a buffer, which subsumes the
old killer_buf and several other buffers that didn't/couldn't use killer_buf.
- the killer list is saved and restored as part of the game state.
- the special case of usick_cause was removed and a delayed killer list
entry is now used in its place
- common code dealing with (un)sliming is moved to a new make_slimed function
- attempted to update all make dependencies for new end.c -> lev.h
dependency, sorry if I messed any up

Incorporate various killer message grammar fixes suggested by <Someone>.
Mostly these deal with using the proper killer_format and prefix ("the" or
no "the") for unique and type_is_pname monsters, or death due to eating
their corpses.
One case is handled by a general fix to name_to_mon to allow it to deal
with "Croesus' corpse".

The pre-3.4.1 topten behavior for "starved to death" messages is also restored.
Write "died of starvation" on the tombstone, not just "starvation".
Suggested by <Someone> a couple weeks ago, although his suggested
prefix was different and didn't work as well for the "exhaustion" case.

When printing invalid player names in -s mode, it was possible to overflow
the output buffer due to a missing buffer size check. On shared Unix-like
systems with executable stacks, this could be used as a security exploit,
eg to obtain a shell running as user or group games.
While I was at it, removed a dead block of "#if 0" code.

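The two buffer-overflow messages above (bounded reads of `record' entries in readentry(), and the -s mode output of an invalid player name) describe the same defensive pattern: every copy into a fixed-size buffer is checked against the destination size, and an over-long or malformed field is rejected or reported rather than written past the end. The following C example is added here to illustrate that pattern; it is not NetHack's code. It assumes a constructed three-field score line format ("<points> <name> <death text>"), hypothetical size limits (NAMELEN, DEATHLEN, LINELEN), and a constructed sample record.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Hypothetical limits for this example; they are not NetHack's values. */
#define NAMELEN  10    /* longest player name accepted */
#define DEATHLEN 64    /* longest "how they died" text accepted */
#define LINELEN  128   /* longest record line accepted */

struct score_entry {
    long points;
    char name[NAMELEN + 1];
    char death[DEATHLEN + 1];
};

/* Parse one constructed "<points> <name> <death text>" line.  Every copy is
 * bounded by the destination size, so an over-long or malformed line is
 * rejected (return 0) instead of overrunning the struct; returns 1 on success. */
int parse_score_line(const char *line, struct score_entry *e)
{
    const char *p = line;
    char *end;
    size_t n;

    memset(e, 0, sizeof *e);
    if (line == NULL || memchr(line, '\0', LINELEN + 1) == NULL)
        return 0;                  /* no terminator within LINELEN: corrupt */

    e->points = strtol(p, &end, 10);
    if (end == p || *end != ' ')   /* no digits, or no separator after them */
        return 0;
    p = end + 1;

    n = strcspn(p, " ");           /* name runs up to the next blank */
    if (n == 0 || n > NAMELEN)     /* reject rather than truncate silently */
        return 0;
    memcpy(e->name, p, n);
    e->name[n] = '\0';
    p += n;
    if (*p++ != ' ')
        return 0;

    n = strcspn(p, "\n");          /* death text is the rest of the line */
    if (n == 0 || n > DEATHLEN)
        return 0;
    memcpy(e->death, p, n);
    e->death[n] = '\0';
    return 1;
}

/* Shared check for snprintf results: truncation is reported as -1 and the
 * buffer left empty, so a partial line is never passed on as complete. */
static int checked(int n, char *out, size_t outsz)
{
    if (n < 0 || (size_t) n >= outsz) {
        if (outsz)
            out[0] = '\0';
        return -1;
    }
    return n;
}

/* Write an entry in display form into a caller-supplied buffer. */
int format_score_line(const struct score_entry *e, char *out, size_t outsz)
{
    return checked(snprintf(out, outsz, "%ld %s %s", e->points, e->name, e->death),
                   out, outsz);
}

/* The "-s mode" case: a player name from the command line is untrusted input.
 * An explicit precision keeps its length from pushing the message past the
 * buffer, and the result is still size-checked. */
int not_found_message(const char *who, char *out, size_t outsz)
{
    return checked(snprintf(out, outsz, "player %.*s%s not found", NAMELEN, who,
                            strlen(who) > NAMELEN ? "..." : ""), out, outsz);
}

/* Constructed sample record: two good lines, one over-long name, one garbage line. */
static const char *const sample_record[] = {
    "12345 alice killed by a newt",
    "99 bob quit\n",
    "7 thisnameiswaytoolongtobevalid killed by a grid bug",
    "garbage line without a number",
    NULL
};

struct score_entry parsed_tbl[8];
char line_buf[LINELEN];
char small_buf[16];

/* Load sample_record into parsed_tbl, skipping rejected lines; returns the count. */
int load_sample(void)
{
    int count = 0;
    for (int i = 0; sample_record[i] != NULL && count < 8; i++)
        if (parse_score_line(sample_record[i], &parsed_tbl[count]))
            count++;
    return count;
}

int main(void)
{
    int n = load_sample();
    for (int i = 0; i < n; i++)
        if (format_score_line(&parsed_tbl[i], line_buf, sizeof line_buf) >= 0)
            puts(line_buf);
    if (not_found_message("thisnameiswaytoolongtobevalid", line_buf, sizeof line_buf) >= 0)
        puts(line_buf);
    return 0;
}
```

Two of the four constructed lines survive parsing; the over-long name and the line without a leading number are dropped rather than partially copied, and a formatting call into a 16-byte buffer returns -1 instead of a truncated string.
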
<Someone> wrote:
> Linux, Redhat 7.1 nethack 3.4.0
>
> Please see attached patch file.
>
> I'm attempting to move more stuff into the "read-only" area, in
> preparation for a port to another OS.

<Someone> reported that the Ludios level is shown on death. It's not
shown on the tombstone, but it was displayed in the topten list.
Now it's not shown in the topten list either.

The NOCWD_ASSUMPTIONS conditional code allows readonly
parts of NetHack to be separated from areas that require write-access.
This meant that the recent panic log needed a prefix.