From dc0c8b2ca0f3867f1b4641092b9f90738ca8c7af Mon Sep 17 00:00:00 2001 From: Helmut Grohne Date: Tue, 19 Jan 2010 20:34:06 +0100 Subject: fixed a buffer overrun and use of uninitialized The target buffer for the memcpy only takes like 24 chars. strcat on an uninitialized buffer is a bad idea. --- src/map/npc.c | 2 +- src/map/tmw.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/map') diff --git a/src/map/npc.c b/src/map/npc.c index 4ff5ba2..edbf548 100644 --- a/src/map/npc.c +++ b/src/map/npc.c @@ -74,7 +74,7 @@ int npc_enable_sub (struct block_list *bl, va_list ap) if (nd->flag & 1) // �������������� return 1; - memcpy (name, nd->name, 50); + memcpy (name, nd->name, sizeof(nd->name)); if (sd->areanpc_id == nd->bl.id) return 1; sd->areanpc_id = nd->bl.id; diff --git a/src/map/tmw.c b/src/map/tmw.c index 2849983..3c506c5 100644 --- a/src/map/tmw.c +++ b/src/map/tmw.c @@ -146,7 +146,7 @@ void tmw_GmHackMsg (const char *fmt, ...) va_end (ap); char outbuf[512 + 5]; - strcat (outbuf, "[GM] "); + strcpy (outbuf, "[GM] "); strcat (outbuf, buf); intif_wis_message_to_gm (wisp_server_name, -- cgit v1.2.3-60-g2f50