summaryrefslogtreecommitdiff
path: root/src/char/inter.c
diff options
context:
space:
mode:
authorshennetsind <ind@henn.et>2015-01-17 20:18:49 -0200
committershennetsind <ind@henn.et>2015-01-17 20:18:49 -0200
commita3c4d675ba19df385be5d1e3966c61de7186da57 (patch)
tree45b4a026a758afb1a54387cdadb91d55eba621f8 /src/char/inter.c
parent3e53a34615c2535dbed3d7c2c7a00f1ef3eaff0a (diff)
downloadhercules-a3c4d675ba19df385be5d1e3966c61de7186da57.tar.gz
hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.tar.bz2
hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.tar.xz
hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.zip
27 Fixes
Addressing out of bounds read/write, pointless null checks on already deferenced variables. Special Thanks to 4144 and Haruna! Signed-off-by: shennetsind <ind@henn.et>
Diffstat (limited to 'src/char/inter.c')
-rw-r--r--src/char/inter.c36
1 files changed, 15 insertions, 21 deletions
diff --git a/src/char/inter.c b/src/char/inter.c
index e60da2b4f..6cd34dc39 100644
--- a/src/char/inter.c
+++ b/src/char/inter.c
@@ -780,24 +780,18 @@ static int inter_config_read(const char* cfgName)
continue;
if(!strcmpi(w1,"char_server_ip")) {
- strcpy(char_server_ip,w2);
- } else
- if(!strcmpi(w1,"char_server_port")) {
+ safestrncpy(char_server_ip, w2, sizeof(char_server_ip));
+ } else if(!strcmpi(w1,"char_server_port")) {
char_server_port = atoi(w2);
- } else
- if(!strcmpi(w1,"char_server_id")) {
- strcpy(char_server_id,w2);
- } else
- if(!strcmpi(w1,"char_server_pw")) {
- strcpy(char_server_pw,w2);
- } else
- if(!strcmpi(w1,"char_server_db")) {
- strcpy(char_server_db,w2);
- } else
- if(!strcmpi(w1,"default_codepage")) {
- strcpy(default_codepage,w2);
- }
- else if(!strcmpi(w1,"party_share_level"))
+ } else if(!strcmpi(w1,"char_server_id")) {
+ safestrncpy(char_server_id, w2, sizeof(char_server_id));
+ } else if(!strcmpi(w1,"char_server_pw")) {
+ safestrncpy(char_server_pw, w2, sizeof(char_server_pw));
+ } else if(!strcmpi(w1,"char_server_db")) {
+ safestrncpy(char_server_db, w2, sizeof(char_server_db));
+ } else if(!strcmpi(w1,"default_codepage")) {
+ safestrncpy(default_codepage, w2, sizeof(default_codepage));
+ } else if(!strcmpi(w1,"party_share_level"))
party_share_level = atoi(w2);
else if(!strcmpi(w1,"log_inter"))
log_inter = atoi(w2);
@@ -931,8 +925,7 @@ int mapif_broadcast(unsigned char *mes, int len, unsigned int fontColor, short f
memcpy(WBUFP(buf,16), mes, len - 16);
mapif->sendallwos(sfd, buf, len);
- if (buf)
- aFree(buf);
+ aFree(buf);
return 0;
}
@@ -940,8 +933,9 @@ int mapif_broadcast(unsigned char *mes, int len, unsigned int fontColor, short f
int mapif_wis_message(struct WisData *wd)
{
unsigned char buf[2048];
- if (wd->len > 2047-56) wd->len = 2047-56; //Force it to fit to avoid crashes. [Skotlex]
-
+ //if (wd->len > 2047-56) wd->len = 2047-56; //Force it to fit to avoid crashes. [Skotlex]
+ if( wd->len >= sizeof(wd->msg) - 1 ) wd->len = sizeof(wd->msg) - 1;
+
WBUFW(buf, 0) = 0x3801;
WBUFW(buf, 2) = 56 +wd->len;
WBUFL(buf, 4) = wd->id;