diff options
author | Haru <haru@dotalux.com> | 2018-05-06 17:52:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-06 17:52:22 +0200 |
commit | b889108f6dea3e1765681b9eaf4a39a18c24eeec (patch) | |
tree | 40e2b55d2e4d1f4a38a0a36be7f9920dd9637ce4 | |
parent | d6785d389cbee4f34078f6762626ca61b2d6cc25 (diff) | |
parent | ed8fac40e2d6cbf11b9a4a1a8182cd28871e3e6d (diff) | |
download | hercules-b889108f6dea3e1765681b9eaf4a39a18c24eeec.tar.gz hercules-b889108f6dea3e1765681b9eaf4a39a18c24eeec.tar.bz2 hercules-b889108f6dea3e1765681b9eaf4a39a18c24eeec.tar.xz hercules-b889108f6dea3e1765681b9eaf4a39a18c24eeec.zip |
Merge pull request #2028 from 4144/warnings
Fix some possible buffer overflows.
-rw-r--r-- | src/common/grfio.c | 4 | ||||
-rw-r--r-- | src/common/sysinfo.c | 2 | ||||
-rw-r--r-- | src/common/utils.c | 2 | ||||
-rw-r--r-- | src/map/atcommand.c | 6 | ||||
-rw-r--r-- | src/map/clif.c | 12 | ||||
-rw-r--r-- | src/map/map.c | 14 | ||||
-rw-r--r-- | src/map/map.h | 2 |
7 files changed, 22 insertions, 20 deletions
diff --git a/src/common/grfio.c b/src/common/grfio.c index fba3dda86..d328f9c68 100644 --- a/src/common/grfio.c +++ b/src/common/grfio.c @@ -786,8 +786,8 @@ static bool grfio_parse_restable_row(const char *row) if (strstr(w2, ".gat") == NULL && strstr(w2, ".rsw") == NULL) return false; // we only need the maps' GAT and RSW files - sprintf(src, "data\\%s", w1); - sprintf(dst, "data\\%s", w2); + safesnprintf(src, 256, "data\\%s", w1); + safesnprintf(dst, 256, "data\\%s", w2); entry = grfio_filelist_find(dst); if (entry != NULL) { diff --git a/src/common/sysinfo.c b/src/common/sysinfo.c index 3c7e25a0c..0056aee1e 100644 --- a/src/common/sysinfo.c +++ b/src/common/sysinfo.c @@ -321,7 +321,7 @@ bool sysinfo_git_get_revision(char **out) while (*ref) { FILE *fp; - snprintf(filepath, sizeof(filepath), ".git/%s", ref); + safesnprintf(filepath, sizeof(filepath), ".git/%s", ref); if ((fp = fopen(filepath, "r")) != NULL) { if (fgets(line, sizeof(line)-1, fp) == NULL) { fclose(fp); diff --git a/src/common/utils.c b/src/common/utils.c index 0d76a885e..74c44d147 100644 --- a/src/common/utils.c +++ b/src/common/utils.c @@ -216,7 +216,7 @@ void findfile(const char *p, const char *pat, void (func)(const char*)) if (strcmp(entry->d_name, "..") == 0) continue; - sprintf(tmppath,"%s%c%s",path, PATHSEP, entry->d_name); + safesnprintf(tmppath, sizeof(tmppath), "%s%c%s", path, PATHSEP, entry->d_name); // check if the pattern matches. if (strstr(entry->d_name, pattern)) { diff --git a/src/map/atcommand.c b/src/map/atcommand.c index 9deed0098..90ba73fa6 100644 --- a/src/map/atcommand.c +++ b/src/map/atcommand.c @@ -6192,7 +6192,7 @@ ACMD(cleanarea) { *------------------------------------------*/ ACMD(npctalk) { - char name[NAME_LENGTH],mes[100],temp[100]; + char name[NAME_LENGTH], mes[100], temp[200]; struct npc_data *nd; bool ifcolor=(*(info->command + 7) != 'c' && *(info->command + 7) != 'C')?0:1; unsigned int color = 0; @@ -6229,7 +6229,7 @@ ACMD(npctalk) ACMD(pettalk) { - char mes[100],temp[100]; + char mes[100], temp[200]; struct pet_data *pd; if (battle_config.min_chat_delay) { @@ -7034,7 +7034,7 @@ ACMD(homhungry) *------------------------------------------*/ ACMD(homtalk) { - char mes[100],temp[100]; + char mes[100], temp[200]; if (battle_config.min_chat_delay) { if (DIFF_TICK(sd->cantalk_tick, timer->gettick()) > 0) diff --git a/src/map/clif.c b/src/map/clif.c index 47d5a1586..451b1fb17 100644 --- a/src/map/clif.c +++ b/src/map/clif.c @@ -19990,9 +19990,9 @@ void clif_rodex_send_maillist(int fd, struct map_session_data *sd, int8 open_typ } inner->Titlelength = (int16)strlen(msg->title) + 1; if (open_type != RODEX_OPENTYPE_RETURN) { - strncpy(inner->SenderName, msg->sender_name, sizeof(msg->sender_name)); + strncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName)); } else { - strncpy(inner->SenderName, msg->receiver_name, sizeof(msg->receiver_name)); + strncpy(inner->SenderName, msg->receiver_name, sizeof(inner->SenderName)); } strncpy(inner->title, msg->title, inner->Titlelength); size += sizeof(*inner) + inner->Titlelength; @@ -20051,9 +20051,9 @@ void clif_rodex_send_mails_all(int fd, struct map_session_data *sd, int64 mail_i } inner->Titlelength = (int16)strlen(msg->title) + 1; if (msg->opentype != RODEX_OPENTYPE_RETURN) { - strncpy(inner->SenderName, msg->sender_name, sizeof(msg->sender_name)); + strncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName)); } else { - strncpy(inner->SenderName, msg->receiver_name, sizeof(msg->receiver_name)); + strncpy(inner->SenderName, msg->receiver_name, sizeof(inner->SenderName)); } strncpy(inner->title, msg->title, inner->Titlelength); size += sizeof(*inner) + inner->Titlelength; @@ -20122,9 +20122,9 @@ void clif_rodex_send_refresh(int fd, struct map_session_data *sd, int8 open_type } inner->Titlelength = (int16)strlen(msg->title) + 1; if (open_type != RODEX_OPENTYPE_RETURN) { - strncpy(inner->SenderName, msg->sender_name, sizeof(msg->sender_name)); + strncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName)); } else { - strncpy(inner->SenderName, msg->receiver_name, sizeof(msg->receiver_name)); + strncpy(inner->SenderName, msg->receiver_name, sizeof(inner->SenderName)); } strncpy(inner->title, msg->title, inner->Titlelength); size += sizeof(*inner) + inner->Titlelength; diff --git a/src/map/map.c b/src/map/map.c index 90b304865..8386b3c3d 100644 --- a/src/map/map.c +++ b/src/map/map.c @@ -5119,11 +5119,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) { } } else if (!strcmpi(flag,"adjust_unit_duration")) { int skill_id, k; - char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; - size_t len = strlen(params); + char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; + size_t len; modifier[0] = '\0'; - memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH); + safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH); + len = strlen(skill_name); for(k = 0; k < len; k++) { if( skill_name[k] == '\t' ) { @@ -5152,11 +5153,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) { } } else if (!strcmpi(flag,"adjust_skill_damage")) { int skill_id, k; - char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; - size_t len = strlen(params); + char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; + size_t len; modifier[0] = '\0'; - memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH); + safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH); + len = strlen(skill_name); for(k = 0; k < len; k++) { if( skill_name[k] == '\t' ) { diff --git a/src/map/map.h b/src/map/map.h index d6afdc160..0618b0da8 100644 --- a/src/map/map.h +++ b/src/map/map.h @@ -740,7 +740,7 @@ enum map_zone_merge_type { #define MAP_ZONE_BG_NAME "Battlegrounds" #define MAP_ZONE_CVC_NAME "CvC" #define MAP_ZONE_PK_NAME "PK Mode" -#define MAP_ZONE_MAPFLAG_LENGTH 50 +#define MAP_ZONE_MAPFLAG_LENGTH 65 struct map_zone_data { char name[MAP_ZONE_NAME_LENGTH];/* 20'd */ |