Subject: fix for vulnerability CVE-2008-3577 for OpenTTD 0.4.5 - 0.5.3 (Buffer overflow in "-g" parameter handling)
From: OpenTTD developer team <info@openttd.org>
Origin: backport, https://github.com/OpenTTD/OpenTTD/commit/6860193
Bug:

Buffer overflow allowing local users to possibly execute arbitrary code via a
large filename supplied to the “-g” parameter in the ttd_main function.

NOTE: it is unlikely that this issue would cross privilege boundaries in
typical environments.


Index: openttd.c
===================================================================
--- openttd.c
+++ openttd.c
@@ -458,7 +458,7 @@
 		case 'i': _use_dos_palette = true; break;
 		case 'g':
 			if (mgo.opt != NULL) {
-				strcpy(_file_to_saveload.name, mgo.opt);
+				ttd_strlcpy(_file_to_saveload.name, mgo.opt, sizeof(_file_to_saveload.name));
 				_switch_mode = SM_LOAD;
 			} else {
 				_switch_mode = SM_NEWGAME;