summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrei Karas <akaras@inbox.ru>2017-07-27 01:08:15 +0300
committerAndrei Karas <akaras@inbox.ru>2017-07-27 01:40:12 +0300
commit415860ebaeb990c0c8da27cc7aa565a137b97fe9 (patch)
tree379bc512894f445da63207d58c0956ea503a5f01
parent30ba171e28b10c5f9355cab5902fa311a234d833 (diff)
downloadhercules-415860ebaeb990c0c8da27cc7aa565a137b97fe9.tar.gz
hercules-415860ebaeb990c0c8da27cc7aa565a137b97fe9.tar.bz2
hercules-415860ebaeb990c0c8da27cc7aa565a137b97fe9.tar.xz
hercules-415860ebaeb990c0c8da27cc7aa565a137b97fe9.zip
Fix possible buffer overflows with snprintf.
-rw-r--r--src/char/int_mail.c2
-rw-r--r--src/map/clif.c2
-rw-r--r--src/map/homunculus.c2
-rw-r--r--src/map/itemdb.c4
-rw-r--r--src/map/map.c4
-rw-r--r--src/map/mob.c8
-rw-r--r--src/map/npc.c4
-rw-r--r--src/map/quest.c2
-rw-r--r--src/map/script.c2
-rw-r--r--src/map/status.c2
10 files changed, 16 insertions, 16 deletions
diff --git a/src/char/int_mail.c b/src/char/int_mail.c
index 1d00b0fdf..7f054eda1 100644
--- a/src/char/int_mail.c
+++ b/src/char/int_mail.c
@@ -426,7 +426,7 @@ void mapif_parse_mail_return(int fd)
safestrncpy(msg.dest_name, temp_, NAME_LENGTH);
// set reply message title
- snprintf(temp_, MAIL_TITLE_LENGTH, "RE:%s", msg.title);
+ safesnprintf(temp_, MAIL_TITLE_LENGTH, "RE:%s", msg.title);
safestrncpy(msg.title, temp_, MAIL_TITLE_LENGTH);
msg.status = MAIL_NEW;
diff --git a/src/map/clif.c b/src/map/clif.c
index 905b6a3ce..bb4d53a99 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -17726,7 +17726,7 @@ void clif_cashshop_db(void) {
if( cashshop != NULL && (cats = libconfig->setting_get_elem(cashshop, 0)) != NULL ) {
for(i = 0; i < CASHSHOP_TAB_MAX; i++) {
struct config_setting_t *cat;
- char entry_name[10];
+ char entry_name[15];
sprintf(entry_name,"cat_%d",i);
diff --git a/src/map/homunculus.c b/src/map/homunculus.c
index 91a455416..ddaf3443a 100644
--- a/src/map/homunculus.c
+++ b/src/map/homunculus.c
@@ -1215,7 +1215,7 @@ void homunculus_read_db(void) {
if( i > 0 ) {
char filepath[256];
- snprintf(filepath, 256, "%s/%s", map->db_path, filename[i]);
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, filename[i]);
if( !exists(filepath) ) {
continue;
diff --git a/src/map/itemdb.c b/src/map/itemdb.c
index 9a43bae14..2b0847e1a 100644
--- a/src/map/itemdb.c
+++ b/src/map/itemdb.c
@@ -1527,7 +1527,7 @@ void itemdb_read_combos(void)
char filepath[256];
FILE* fp;
- snprintf(filepath, 256, "%s/%s", map->db_path, DBPATH"item_combo_db.txt");
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, DBPATH"item_combo_db.txt");
if ((fp = fopen(filepath, "r")) == NULL) {
ShowError("itemdb_read_combos: File not found \"%s\".\n", filepath);
@@ -2231,7 +2231,7 @@ int itemdb_readdb_libconfig(const char *filename) {
nullpo_ret(filename);
- sprintf(filepath, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename);
if (!libconfig->load_file(&item_db_conf, filepath))
return 0;
diff --git a/src/map/map.c b/src/map/map.c
index 16d5e645d..17156f631 100644
--- a/src/map/map.c
+++ b/src/map/map.c
@@ -3741,7 +3741,7 @@ int map_readallmaps (void) {
ShowStatus("Loading maps (using GRF files)...\n");
else {
char mapcachefilepath[256];
- snprintf(mapcachefilepath, 256, "%s/%s%s", map->db_path, DBPATH, "map_cache.dat");
+ safesnprintf(mapcachefilepath, 256, "%s/%s%s", map->db_path, DBPATH, "map_cache.dat");
ShowStatus("Loading maps (using %s as map cache)...\n", mapcachefilepath);
if( (fp = fopen(mapcachefilepath, "rb")) == NULL ) {
ShowFatalError("Unable to open map cache file "CL_WHITE"%s"CL_RESET"\n", mapcachefilepath);
@@ -4396,7 +4396,7 @@ struct map_zone_data *map_merge_zone(struct map_zone_data *main, struct map_zone
nullpo_retr(NULL, main);
nullpo_retr(NULL, other);
- snprintf(newzone, MAP_ZONE_NAME_LENGTH, "%s+%s", main->name, other->name);
+ safesnprintf(newzone, MAP_ZONE_NAME_LENGTH, "%s+%s", main->name, other->name);
if( (zone = strdb_get(map->zone_db, newzone)) )
return zone;/* this zone has already been merged */
diff --git a/src/map/mob.c b/src/map/mob.c
index 52705cf4d..98f8865a9 100644
--- a/src/map/mob.c
+++ b/src/map/mob.c
@@ -3350,7 +3350,7 @@ int mobskill_use(struct mob_data *md, int64 tick, int event) {
char name[NAME_LENGTH];
snprintf(name, sizeof name,"%s", md->name);
strtok(name, "#"); // discard extra name identifier if present [Daegaladh]
- snprintf(temp, sizeof temp,"%s : %s", name, mc->msg);
+ safesnprintf(temp, sizeof temp,"%s : %s", name, mc->msg);
clif->messagecolor(&md->bl, mc->color, temp);
}
if(!(battle_config.mob_ai&0x200)) { //pass on delay to same skill.
@@ -4494,7 +4494,7 @@ int mob_read_libconfig(const char *filename, bool ignore_missing)
int i = 0, count = 0;
nullpo_ret(filename);
- sprintf(filepath, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename);
if (ignore_missing && !exists(filepath))
return 0;
@@ -4720,7 +4720,7 @@ void mob_readchatdb(void) {
char line[1024], filepath[256];
int i, tmp=0;
FILE *fp;
- sprintf(filepath, "%s/%s", map->db_path, arc);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, arc);
fp=fopen(filepath, "r");
if(fp == NULL) {
ShowWarning("mob_readchatdb: File not found \"%s\", skipping.\n", filepath);
@@ -5046,7 +5046,7 @@ void mob_readskilldb(void) {
for( fi = 0; fi < ARRAYLENGTH(filename); ++fi ) {
if(fi > 0) {
char filepath[256];
- snprintf(filepath, 256, "%s/%s", map->db_path, filename[fi]);
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, filename[fi]);
if(!exists(filepath)) {
continue;
}
diff --git a/src/map/npc.c b/src/map/npc.c
index a358fd2fb..38996a0a3 100644
--- a/src/map/npc.c
+++ b/src/map/npc.c
@@ -2724,10 +2724,10 @@ struct npc_data* npc_add_warp(char* name, short from_mapid, short from_x, short
flag = 1;
if (flag == 1)
- snprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp_%d_%d_%d", from_mapid, from_x, from_y);
+ safesnprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp_%d_%d_%d", from_mapid, from_x, from_y);
for( i = 0; npc->name2id(nd->exname) != NULL; ++i )
- snprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp%d_%d_%d_%d", i, from_mapid, from_x, from_y);
+ safesnprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp%d_%d_%d_%d", i, from_mapid, from_x, from_y);
safestrncpy(nd->name, nd->exname, ARRAYLENGTH(nd->name));
nd->u.warp.mapindex = to_mapindex;
diff --git a/src/map/quest.c b/src/map/quest.c
index 4e3362adb..4c5dcb59f 100644
--- a/src/map/quest.c
+++ b/src/map/quest.c
@@ -544,7 +544,7 @@ int quest_read_db(void)
int i = 0, count = 0;
const char *filename = "quest_db.conf";
- snprintf(filepath, 256, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, filename);
if (!libconfig->load_file(&quest_db_conf, filepath))
return -1;
diff --git a/src/map/script.c b/src/map/script.c
index c23a335c3..31af59891 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -2296,7 +2296,7 @@ void read_constdb(void)
struct config_setting_t *t;
int i = 0;
- snprintf(filepath, 256, "%s/constants.conf", map->db_path);
+ safesnprintf(filepath, 256, "%s/constants.conf", map->db_path);
if (!libconfig->load_file(&constants_conf, filepath))
return;
diff --git a/src/map/status.c b/src/map/status.c
index 7836b414d..166b33e6f 100644
--- a/src/map/status.c
+++ b/src/map/status.c
@@ -13416,7 +13416,7 @@ int status_readdb_refine_libconfig(const char *filename)
char filepath[256];
int i = 0, count = 0;
- sprintf(filepath, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename);
if (!libconfig->load_file(&refine_db_conf, filepath))
return 0;