Subject: fix for vulnerability CVE-2008-3577 for OpenTTD 0.4.5 - 0.5.3 (Buffer overflow in "-g" parameter handling) From: OpenTTD developer team Origin: backport, https://github.com/OpenTTD/OpenTTD/commit/6860193 Bug: Buffer overflow allowing local users to possibly execute arbitrary code via a large filename supplied to the ā€œ-gā€ parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments. Index: openttd.c =================================================================== --- openttd.c +++ openttd.c @@ -458,7 +458,7 @@ case 'i': _use_dos_palette = true; break; case 'g': if (mgo.opt != NULL) { - strcpy(_file_to_saveload.name, mgo.opt); + ttd_strlcpy(_file_to_saveload.name, mgo.opt, sizeof(_file_to_saveload.name)); _switch_mode = SM_LOAD; } else { _switch_mode = SM_NEWGAME;