summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec>2007-12-18 22:06:36 +0000
committerultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec>2007-12-18 22:06:36 +0000
commit792e9de933b8d85ab486e9ddbc3e545b04ddea08 (patch)
tree65fea40e8b475377c669dd744f738a97c6e61176
parentb01e1cda28ba47b513cc6dc888dc9b9da0c058d0 (diff)
downloadhercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.tar.gz
hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.tar.bz2
hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.tar.xz
hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.zip
Fixed a possible buffer overflow in @partyoption code.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@11947 54d463be-8e91-2dee-dedb-b68131a5f0ec
-rw-r--r--Changelog-Trunk.txt1
-rw-r--r--src/map/atcommand.c13
2 files changed, 7 insertions, 7 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index e146ea5e7..cd6c93f73 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO
IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2007/12/18
+ * Fixed a possible buffer overflow in @partyoption [ultramage]
* Updated respawn time interpretation according to latest kRO update [Playtester]
- this first time is the "min respawn time"
- the second time is the "variance" which is added to the "min respawn time"
diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index 1a6e9509b..b90d2c6b6 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -6012,7 +6012,7 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char*
{
struct party_data *p;
int mi, option;
- char w1[15], w2[15];
+ char w1[16], w2[16];
nullpo_retr(-1, sd);
if (sd->status.party_id == 0 || (p = party_search(sd->status.party_id)) == NULL)
@@ -6020,9 +6020,8 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char*
clif_displaymessage(fd, msg_txt(282));
return -1;
}
-
- for (mi = 0; mi < MAX_PARTY && p->data[mi].sd != sd; mi++);
-
+
+ ARR_FIND( 0, MAX_PARTY, mi, p->data[mi].sd == sd );
if (mi == MAX_PARTY)
return -1; //Shouldn't happen
@@ -6031,15 +6030,15 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char*
clif_displaymessage(fd, msg_txt(282));
return -1;
}
-
+
if(!message || !*message || sscanf(message, "%15s %15s", w1, w2) < 2)
{
clif_displaymessage(fd, "Command usage: @changeoption <pickup share: yes/no> <item distribution: yes/no>");
return -1;
}
- w1[14] = w2[14] = '\0'; //Assure a proper string terminator.
+
option = (config_switch(w1)?1:0)|(config_switch(w2)?2:0);
-
+
//Change item share type.
if (option != p->party.item)
party_changeoption(sd, p->party.exp, option);