From 67e82f1a0bc2a9078cfe11e0add190fa7cc4b891 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Tue, 19 Jan 2010 20:24:19 +0100
Subject: fixed a few buffer overruns

strncpy does not always terminate strings. Unterminated strings
(without a length) are bad. So better terminate them.
---
 src/map/clif.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/map/clif.c')

diff --git a/src/map/clif.c b/src/map/clif.c
index c3099d7..86be79c 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -8204,14 +8204,14 @@ void clif_parse_NpcStringInput (int fd, struct map_session_data *sd)
 
     len = RFIFOW (fd, 2) - 7;
 
-    if (len >= sizeof (sd->npc_str))
+    if (len >= sizeof (sd->npc_str)-1)
     {
         printf ("clif: input string too long !\n");
         memcpy (sd->npc_str, RFIFOP (fd, 8), sizeof (sd->npc_str));
-        sd->npc_str[sizeof (sd->npc_str) - 1] = 0;
     }
     else
         strncpy (sd->npc_str, RFIFOP (fd, 8), len);
+    sd->npc_str[sizeof (sd->npc_str) - 1] = 0;
     map_scriptcont (sd, RFIFOL (fd, 4));
 }
 
-- 
cgit v1.2.3-60-g2f50