Fix overflow in map zones.

2 files changed, 9 insertions, 7 deletions

diff --git a/src/map/map.c b/src/map/map.c
index 90b304865..8386b3c3d 100644
--- a/src/map/map.c
+++ b/src/map/map.c
@@ -5119,11 +5119,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) {
 		}
 	} else if (!strcmpi(flag,"adjust_unit_duration")) {
 		int skill_id, k;
-		char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
-		size_t len = strlen(params);
+		char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
+		size_t len;
 
 		modifier[0] = '\0';
-		memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH);
+		safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH);
+		len = strlen(skill_name);
 
 		for(k = 0; k < len; k++) {
 			if( skill_name[k] == '\t' ) {
@@ -5152,11 +5153,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) {
 		}
 	} else if (!strcmpi(flag,"adjust_skill_damage")) {
 		int skill_id, k;
-		char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
-		size_t len = strlen(params);
+		char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
+		size_t len;
 
 		modifier[0] = '\0';
-		memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH);
+		safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH);
+		len = strlen(skill_name);
 
 		for(k = 0; k < len; k++) {
 			if( skill_name[k] == '\t' ) {
diff --git a/src/map/map.h b/src/map/map.h
index d6afdc160..0618b0da8 100644
--- a/src/map/map.h
+++ b/src/map/map.h
@@ -740,7 +740,7 @@ enum map_zone_merge_type {
 #define MAP_ZONE_BG_NAME "Battlegrounds"
 #define MAP_ZONE_CVC_NAME "CvC"
 #define MAP_ZONE_PK_NAME "PK Mode"
-#define MAP_ZONE_MAPFLAG_LENGTH 50
+#define MAP_ZONE_MAPFLAG_LENGTH 65
 
 struct map_zone_data {
 	char name[MAP_ZONE_NAME_LENGTH];/* 20'd */