summaryrefslogtreecommitdiff
path: root/src/char/inter.c
diff options
context:
space:
mode:
authorHaru <haru@dotalux.com>2015-12-22 03:29:39 +0100
committerHaru <haru@dotalux.com>2015-12-22 04:11:51 +0100
commitb5021bf40bb1d0a6d38d7b85789703dc12a26180 (patch)
treead1d079c81e01f6a79552fff044f460b15d75632 /src/char/inter.c
parentce6eafb3ec39bf38384a944531b63abf452c80fe (diff)
downloadhercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.tar.gz
hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.tar.bz2
hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.tar.xz
hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.zip
Ensured 32+1 bytes for all buffers that hold variable names
Related: #865, #866, #867 Signed-off-by: Haru <haru@dotalux.com>
Diffstat (limited to 'src/char/inter.c')
-rw-r--r--src/char/inter.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/char/inter.c b/src/char/inter.c
index 5b81a4732..87ecb4e6a 100644
--- a/src/char/inter.c
+++ b/src/char/inter.c
@@ -1186,7 +1186,7 @@ int mapif_parse_Registry(int fd)
if( count ) {
int cursor = 14, i;
- char key[32], sval[254];
+ char key[SCRIPT_VARNAME_LENGTH+1], sval[254];
bool isLoginActive = sockt->session_is_active(chr->login_fd);
if( isLoginActive )
@@ -1194,8 +1194,9 @@ int mapif_parse_Registry(int fd)
for(i = 0; i < count; i++) {
unsigned int index;
- safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor));
- cursor += RFIFOB(fd, cursor) + 1;
+ int len = RFIFOB(fd, cursor);
+ safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(key), len));
+ cursor += len + 1;
index = RFIFOL(fd, cursor);
cursor += 4;
@@ -1211,8 +1212,9 @@ int mapif_parse_Registry(int fd)
break;
/* str */
case 2:
- safestrncpy(sval, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor));
- cursor += RFIFOB(fd, cursor) + 1;
+ len = RFIFOB(fd, cursor);
+ safestrncpy(sval, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(sval), len));
+ cursor += len + 1;
inter->savereg(account_id,char_id,key,index,(intptr_t)sval,true);
break;
case 3: