authorHaru <haru@dotalux.com>2018-05-06 17:52:22 +0200
committerGitHub <noreply@github.com>2018-05-06 17:52:22 +0200
commitb889108f6dea3e1765681b9eaf4a39a18c24eeec (patch)
tree40e2b55d2e4d1f4a38a0a36be7f9920dd9637ce4
parentd6785d389cbee4f34078f6762626ca61b2d6cc25 (diff)
parented8fac40e2d6cbf11b9a4a1a8182cd28871e3e6d (diff)
Merge pull request #2028 from 4144/warnings
Fix some possible buffer overflows.
-rw-r--r--src/common/grfio.c4
-rw-r--r--src/common/sysinfo.c2
-rw-r--r--src/common/utils.c2
-rw-r--r--src/map/atcommand.c6
-rw-r--r--src/map/clif.c12
-rw-r--r--src/map/map.c14
-rw-r--r--src/map/map.h2
7 files changed, 22 insertions, 20 deletions
diff --git a/src/common/grfio.c b/src/common/grfio.c
index fba3dda86..d328f9c68 100644
--- a/src/common/grfio.c
+++ b/src/common/grfio.c
@@ -786,8 +786,8 @@ static bool grfio_parse_restable_row(const char *row)
if (strstr(w2, ".gat") == NULL && strstr(w2, ".rsw") == NULL)
return false; // we only need the maps' GAT and RSW files
- sprintf(src, "data\\%s", w1);
- sprintf(dst, "data\\%s", w2);
+ safesnprintf(src, 256, "data\\%s", w1);
+ safesnprintf(dst, 256, "data\\%s", w2);
entry = grfio_filelist_find(dst);
if (entry != NULL) {
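Review bot: The size passed to both `safesnprintf` calls is a literal `256`, which is correct only while `src` and `dst` are declared with that size; their declarations are outside this hunk. If they are arrays local to this function, `safesnprintf(src, sizeof(src), "data\\%s", w1);` keeps the bound tied to the buffer. The return value is also ignored, so a truncated `dst` is still handed to `grfio_filelist_find`; if safesnprintf reports truncation through its return value, the row should be rejected (`return false;`) rather than looked up under a shortened name. The same unchecked truncation applies to the `filepath` call in sysinfo_git_get_revision, where the shortened path goes straight to `fopen`, and to the `tmppath` call in findfile.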
diff --git a/src/common/sysinfo.c b/src/common/sysinfo.c
index 3c7e25a0c..0056aee1e 100644
--- a/src/common/sysinfo.c
+++ b/src/common/sysinfo.c
@@ -321,7 +321,7 @@ bool sysinfo_git_get_revision(char **out)
while (*ref) {
FILE *fp;
- snprintf(filepath, sizeof(filepath), ".git/%s", ref);
+ safesnprintf(filepath, sizeof(filepath), ".git/%s", ref);
if ((fp = fopen(filepath, "r")) != NULL) {
if (fgets(line, sizeof(line)-1, fp) == NULL) {
fclose(fp);
diff --git a/src/common/utils.c b/src/common/utils.c
index 0d76a885e..74c44d147 100644
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -216,7 +216,7 @@ void findfile(const char *p, const char *pat, void (func)(const char*))
if (strcmp(entry->d_name, "..") == 0)
continue;
- sprintf(tmppath,"%s%c%s",path, PATHSEP, entry->d_name);
+ safesnprintf(tmppath, sizeof(tmppath), "%s%c%s", path, PATHSEP, entry->d_name);
// check if the pattern matches.
if (strstr(entry->d_name, pattern)) {
diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index 9deed0098..90ba73fa6 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -6192,7 +6192,7 @@ ACMD(cleanarea) {
*------------------------------------------*/
ACMD(npctalk)
{
- char name[NAME_LENGTH],mes[100],temp[100];
+ char name[NAME_LENGTH], mes[100], temp[200];
struct npc_data *nd;
bool ifcolor=(*(info->command + 7) != 'c' && *(info->command + 7) != 'C')?0:1;
unsigned int color = 0;
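Review bot: `temp[200]` replaces one magic size with another, and nothing in the hunk ties it to what is written into `temp`; the formatting call is outside the hunk, so whether 200 is sufficient cannot be checked from here. If `temp` holds `name` and `mes` joined by a short separator, a size derived from those buffers, or a comment such as `/* name + separator + mes, see the snprintf below */`, would make the bound auditable. The same applies to the `temp[200]` declarations in pettalk and homtalk. The real guard is a size-limited write using `sizeof(temp)` at the point of use, so it is worth confirming that each of the three commands formats into `temp` that way.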
@@ -6229,7 +6229,7 @@ ACMD(npctalk)
ACMD(pettalk)
{
- char mes[100],temp[100];
+ char mes[100], temp[200];
struct pet_data *pd;
if (battle_config.min_chat_delay) {
@@ -7034,7 +7034,7 @@ ACMD(homhungry)
*------------------------------------------*/
ACMD(homtalk)
{
- char mes[100],temp[100];
+ char mes[100], temp[200];
if (battle_config.min_chat_delay) {
if (DIFF_TICK(sd->cantalk_tick, timer->gettick()) > 0)
diff --git a/src/map/clif.c b/src/map/clif.c
index 47d5a1586..451b1fb17 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -19990,9 +19990,9 @@ void clif_rodex_send_maillist(int fd, struct map_session_data *sd, int8 open_typ
}
inner->Titlelength = (int16)strlen(msg->title) + 1;
if (open_type != RODEX_OPENTYPE_RETURN) {
- strncpy(inner->SenderName, msg->sender_name, sizeof(msg->sender_name));
+ strncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName));
} else {
- strncpy(inner->SenderName, msg->receiver_name, sizeof(msg->receiver_name));
+ strncpy(inner->SenderName, msg->receiver_name, sizeof(inner->SenderName));
}
strncpy(inner->title, msg->title, inner->Titlelength);
size += sizeof(*inner) + inner->Titlelength;
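Review bot: `strncpy` bounded by `sizeof(inner->SenderName)` no longer overruns the destination, but it leaves `SenderName` without a terminating NUL whenever the source name is at least as long as the field. If the receiving side treats this field as a C string, the terminating copy this commit already uses in map.c fits better: `safestrncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName));`, and likewise for `receiver_name`. The same pair of calls appears in clif_rodex_send_mails_all and clif_rodex_send_refresh. The unchanged `strncpy(inner->title, msg->title, inner->Titlelength)` below is bounded by the source length, not by the space left in the packet buffer; that check, if it exists, is outside these hunks.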
@@ -20051,9 +20051,9 @@ void clif_rodex_send_mails_all(int fd, struct map_session_data *sd, int64 mail_i
}
inner->Titlelength = (int16)strlen(msg->title) + 1;
if (msg->opentype != RODEX_OPENTYPE_RETURN) {
- strncpy(inner->SenderName, msg->sender_name, sizeof(msg->sender_name));
+ strncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName));
} else {
- strncpy(inner->SenderName, msg->receiver_name, sizeof(msg->receiver_name));
+ strncpy(inner->SenderName, msg->receiver_name, sizeof(inner->SenderName));
}
strncpy(inner->title, msg->title, inner->Titlelength);
size += sizeof(*inner) + inner->Titlelength;
@@ -20122,9 +20122,9 @@ void clif_rodex_send_refresh(int fd, struct map_session_data *sd, int8 open_type
}
inner->Titlelength = (int16)strlen(msg->title) + 1;
if (open_type != RODEX_OPENTYPE_RETURN) {
- strncpy(inner->SenderName, msg->sender_name, sizeof(msg->sender_name));
+ strncpy(inner->SenderName, msg->sender_name, sizeof(inner->SenderName));
} else {
- strncpy(inner->SenderName, msg->receiver_name, sizeof(msg->receiver_name));
+ strncpy(inner->SenderName, msg->receiver_name, sizeof(inner->SenderName));
}
strncpy(inner->title, msg->title, inner->Titlelength);
size += sizeof(*inner) + inner->Titlelength;
diff --git a/src/map/map.c b/src/map/map.c
index 90b304865..8386b3c3d 100644
--- a/src/map/map.c
+++ b/src/map/map.c
@@ -5119,11 +5119,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) {
}
} else if (!strcmpi(flag,"adjust_unit_duration")) {
int skill_id, k;
- char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
- size_t len = strlen(params);
+ char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
+ size_t len;
modifier[0] = '\0';
- memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH);
+ safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH);
+ len = strlen(skill_name);
for(k = 0; k < len; k++) {
if( skill_name[k] == '\t' ) {
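Review bot: `skill_name` is now sized and copied with `MAX_SKILL_NAME_LENGTH`, yet the loop that follows still scans it for the `'\t'` separator, which suggests the buffer holds the whole `params` string (skill name, tab, modifier) and not only the name. Any `params` longer than `MAX_SKILL_NAME_LENGTH - 1` would then be cut before the split, silently dropping the tab or shortening the modifier; the rest of the loop is outside the hunk, so this is inferred. Keeping the working buffer large enough for the full flag, e.g. `char skill_name[MAP_ZONE_MAPFLAG_LENGTH];` with `safestrncpy(skill_name, params, sizeof(skill_name));`, and bounding the name only after the split would avoid that. `k` is an `int` compared against `size_t len`; declaring it `size_t` removes the signed/unsigned comparison. The adjust_skill_damage branch further down has the same code.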
@@ -5152,11 +5153,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) {
}
} else if (!strcmpi(flag,"adjust_skill_damage")) {
int skill_id, k;
- char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
- size_t len = strlen(params);
+ char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH];
+ size_t len;
modifier[0] = '\0';
- memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH);
+ safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH);
+ len = strlen(skill_name);
for(k = 0; k < len; k++) {
if( skill_name[k] == '\t' ) {
diff --git a/src/map/map.h b/src/map/map.h
index d6afdc160..0618b0da8 100644
--- a/src/map/map.h
+++ b/src/map/map.h
@@ -740,7 +740,7 @@ enum map_zone_merge_type {
#define MAP_ZONE_BG_NAME "Battlegrounds"
#define MAP_ZONE_CVC_NAME "CvC"
#define MAP_ZONE_PK_NAME "PK Mode"
-#define MAP_ZONE_MAPFLAG_LENGTH 50
+#define MAP_ZONE_MAPFLAG_LENGTH 65
struct map_zone_data {
char name[MAP_ZONE_NAME_LENGTH];/* 20'd */