diff options
author | ultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2007-12-18 22:06:36 +0000 |
---|---|---|
committer | ultramage <ultramage@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2007-12-18 22:06:36 +0000 |
commit | 792e9de933b8d85ab486e9ddbc3e545b04ddea08 (patch) | |
tree | 65fea40e8b475377c669dd744f738a97c6e61176 | |
parent | b01e1cda28ba47b513cc6dc888dc9b9da0c058d0 (diff) | |
download | hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.tar.gz hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.tar.bz2 hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.tar.xz hercules-792e9de933b8d85ab486e9ddbc3e545b04ddea08.zip |
Fixed a possible buffer overflow in @partyoption code.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@11947 54d463be-8e91-2dee-dedb-b68131a5f0ec
-rw-r--r-- | Changelog-Trunk.txt | 1 | ||||
-rw-r--r-- | src/map/atcommand.c | 13 |
2 files changed, 7 insertions, 7 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index e146ea5e7..cd6c93f73 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK. 2007/12/18 + * Fixed a possible buffer overflow in @partyoption [ultramage] * Updated respawn time interpretation according to latest kRO update [Playtester] - this first time is the "min respawn time" - the second time is the "variance" which is added to the "min respawn time" diff --git a/src/map/atcommand.c b/src/map/atcommand.c index 1a6e9509b..b90d2c6b6 100644 --- a/src/map/atcommand.c +++ b/src/map/atcommand.c @@ -6012,7 +6012,7 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char* { struct party_data *p; int mi, option; - char w1[15], w2[15]; + char w1[16], w2[16]; nullpo_retr(-1, sd); if (sd->status.party_id == 0 || (p = party_search(sd->status.party_id)) == NULL) @@ -6020,9 +6020,8 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char* clif_displaymessage(fd, msg_txt(282)); return -1; } - - for (mi = 0; mi < MAX_PARTY && p->data[mi].sd != sd; mi++); - + + ARR_FIND( 0, MAX_PARTY, mi, p->data[mi].sd == sd ); if (mi == MAX_PARTY) return -1; //Shouldn't happen @@ -6031,15 +6030,15 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char* clif_displaymessage(fd, msg_txt(282)); return -1; } - + if(!message || !*message || sscanf(message, "%15s %15s", w1, w2) < 2) { clif_displaymessage(fd, "Command usage: @changeoption <pickup share: yes/no> <item distribution: yes/no>"); return -1; } - w1[14] = w2[14] = '\0'; //Assure a proper string terminator. + option = (config_switch(w1)?1:0)|(config_switch(w2)?2:0); - + //Change item share type. if (option != p->party.item) party_changeoption(sd, p->party.exp, option); |