diff options
author | shennetsind <ind@henn.et> | 2015-01-17 20:18:49 -0200 |
---|---|---|
committer | shennetsind <ind@henn.et> | 2015-01-17 20:18:49 -0200 |
commit | a3c4d675ba19df385be5d1e3966c61de7186da57 (patch) | |
tree | 45b4a026a758afb1a54387cdadb91d55eba621f8 /src/char/inter.c | |
parent | 3e53a34615c2535dbed3d7c2c7a00f1ef3eaff0a (diff) | |
download | hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.tar.gz hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.tar.bz2 hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.tar.xz hercules-a3c4d675ba19df385be5d1e3966c61de7186da57.zip |
27 Fixes
Addressing out of bounds read/write, pointless null checks on already deferenced variables.
Special Thanks to 4144 and Haruna!
Signed-off-by: shennetsind <ind@henn.et>
Diffstat (limited to 'src/char/inter.c')
-rw-r--r-- | src/char/inter.c | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/src/char/inter.c b/src/char/inter.c index e60da2b4f..6cd34dc39 100644 --- a/src/char/inter.c +++ b/src/char/inter.c @@ -780,24 +780,18 @@ static int inter_config_read(const char* cfgName) continue; if(!strcmpi(w1,"char_server_ip")) { - strcpy(char_server_ip,w2); - } else - if(!strcmpi(w1,"char_server_port")) { + safestrncpy(char_server_ip, w2, sizeof(char_server_ip)); + } else if(!strcmpi(w1,"char_server_port")) { char_server_port = atoi(w2); - } else - if(!strcmpi(w1,"char_server_id")) { - strcpy(char_server_id,w2); - } else - if(!strcmpi(w1,"char_server_pw")) { - strcpy(char_server_pw,w2); - } else - if(!strcmpi(w1,"char_server_db")) { - strcpy(char_server_db,w2); - } else - if(!strcmpi(w1,"default_codepage")) { - strcpy(default_codepage,w2); - } - else if(!strcmpi(w1,"party_share_level")) + } else if(!strcmpi(w1,"char_server_id")) { + safestrncpy(char_server_id, w2, sizeof(char_server_id)); + } else if(!strcmpi(w1,"char_server_pw")) { + safestrncpy(char_server_pw, w2, sizeof(char_server_pw)); + } else if(!strcmpi(w1,"char_server_db")) { + safestrncpy(char_server_db, w2, sizeof(char_server_db)); + } else if(!strcmpi(w1,"default_codepage")) { + safestrncpy(default_codepage, w2, sizeof(default_codepage)); + } else if(!strcmpi(w1,"party_share_level")) party_share_level = atoi(w2); else if(!strcmpi(w1,"log_inter")) log_inter = atoi(w2); @@ -931,8 +925,7 @@ int mapif_broadcast(unsigned char *mes, int len, unsigned int fontColor, short f memcpy(WBUFP(buf,16), mes, len - 16); mapif->sendallwos(sfd, buf, len); - if (buf) - aFree(buf); + aFree(buf); return 0; } @@ -940,8 +933,9 @@ int mapif_broadcast(unsigned char *mes, int len, unsigned int fontColor, short f int mapif_wis_message(struct WisData *wd) { unsigned char buf[2048]; - if (wd->len > 2047-56) wd->len = 2047-56; //Force it to fit to avoid crashes. [Skotlex] - + //if (wd->len > 2047-56) wd->len = 2047-56; //Force it to fit to avoid crashes. [Skotlex] + if( wd->len >= sizeof(wd->msg) - 1 ) wd->len = sizeof(wd->msg) - 1; + WBUFW(buf, 0) = 0x3801; WBUFW(buf, 2) = 56 +wd->len; WBUFL(buf, 4) = wd->id; |