Description: check bounds of HOME environment variable
 After performing a minimal source code audit I noticed that
 gemdropx contains a lack of bounds checking on its use of the
 HOME environmental variable.
 .
 As the game isn't setuid/setgid it's not a security issue, but
 it's probably something that should be fixed regardless.
Author: Steve Kemp <steve@steve.org.uk>
Bug-Debian: http://bugs.debian.org/203244
Reviewed-By: Christian T. Steigies <cts@debian.org>
Last-Update: 2003-07-28

--- gemdropx-0.9.orig/gemdropx.c
+++ gemdropx-0.9/gemdropx.c
@@ -2655,7 +2655,11 @@ int main(int argc, char * argv[])
   
   /* Get max level: */
   
-  sprintf(datafile, "%s/.gemdropx", getenv("HOME"));
+  if ( getenv("HOME" ) != NULL )
+    {
+      memset(datafile, '\0', sizeof(datafile));
+      snprintf(datafile,sizeof(datafile)-1, "%s/.gemdropx", getenv("HOME"));
+    }
   
   fi = fopen(datafile, "r");
   if (fi != NULL)
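Review bot: the new `if ( getenv("HOME" ) != NULL )` has no else branch, so when HOME is unset the unchanged `fopen(datafile, "r")` right after it still runs on a `datafile` that this hunk never writes. Add an else that sets `datafile[0] = '\0'` or skips the open, so the unset case has a defined path. The return value of `snprintf` is also ignored: an over-long HOME is now silently truncated and a different, shorter path gets opened, so compare the result against `sizeof(datafile)` and skip the file when it does not fit. The `memset` and the `-1` are redundant, since `snprintf` always NUL-terminates within the size it is given, and `sizeof(datafile)` is only the buffer size if `datafile` is declared as an array, which the visible context does not show.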
