author | skotlex <skotlex@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2006-04-20 19:30:24 +0000 |
---|---|---|
committer | skotlex <skotlex@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2006-04-20 19:30:24 +0000 |
commit | b320ad27d7c644d9031ad31310eacfb014c75289 (patch) | |
tree | cfb816e5b708abebf3e44f0ad44863c3621d534d | |
parent | 4b055aaa1982a55e9cc3a59e98db0b291907c5f7 (diff) | |
- Fixed buffer overflow in clif_MainChatMessage. It now prints a Debug message with the offending line.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@6195 54d463be-8e91-2dee-dedb-b68131a5f0ec
-rw-r--r-- | Changelog-Trunk.txt | 2 | ||||
-rw-r--r-- | src/map/clif.c | 7 |
2 files changed, 7 insertions, 2 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index 48b7eb788..478570ad9 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -4,6 +4,8 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2006/04/20
+ * Fixed buffer overflow in clif_MainChatMessage. It now prints a Debug
+ message with the offending line. [Skotlex]
* Cleaned up a bunch of GS/NJ skills [Skotlex]
* Fixed Gatling Fever crashing server when used by non players. [Skotlex]
* Added support for n to specify minutes to @charban. [Skotlex]
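Review bot: The new changelog entry says the overflow is fixed but not how the behaviour changes for users: per the clif.c change, over-long main chat messages are now cut to fit the buffer rather than rejected. Suggest saying so in the entry (for example "over-long messages are truncated") so operators reading the debug output know the message was still sent in shortened form.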
diff --git a/src/map/clif.c b/src/map/clif.c index 3aba4a0a1..0a73e03f4 100644 --- a/src/map/clif.c +++ b/src/map/clif.c @@ -4802,14 +4802,17 @@ void clif_GlobalMessage(struct block_list *bl,char *message) */
void clif_MainChatMessage(char* message) {
- char buf[100];
+ char buf[128];
int len;
if(!message)
return;
len = strlen(message)+1;
-
+ if (len+8 > sizeof(buf)) {
+ ShowDebug("clif_MainChatMessage: Received message too long (len %d): %s\n", len, message);
+ len = sizeof(buf)-8;
+ }
WBUFW(buf,0)=0x8d;
WBUFW(buf,2)=len+8;
WBUFL(buf,4)=0;
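Review bot: The clamp `len = sizeof(buf)-8;` shortens the length but nothing in the visible lines restores the string terminator. `len` was computed as `strlen(message)+1`, so it included the NUL; once clamped to 120, the last byte taken from an over-long message is an ordinary character, and the packet text ends unterminated unless the copy that follows this hunk (not shown) writes one. Suggest setting the final payload byte explicitly after the copy, e.g. `buf[8+len-1] = '\0';`, and confirming that the copy uses the clamped `len` rather than recomputing `strlen(message)`. Two smaller points: `len+8 > sizeof(buf)` compares an `int` with a `size_t`, so declaring `len` as `size_t` (and printing it with a matching format) avoids the sign-mixing; and `ShowDebug(... %s\n", len, message)` writes the whole over-long string to the log, so a precision such as `%.*s` would keep one bad message from producing an arbitrarily long log line. The header size 8 now appears three times next to the literal 128 and would read better as a named constant.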