diff options
author | shennetsind <ind@henn.et> | 2015-01-17 15:59:12 -0200 |
---|---|---|
committer | shennetsind <ind@henn.et> | 2015-01-17 15:59:12 -0200 |
commit | 84b88781a0c39f7379ed85f74dc03c4e868a171f (patch) | |
tree | 41f0392d7d872fb038b42ddc82bde56be4582e47 /src/char | |
parent | 36fa0940d5c97457f7093d81e7d298c88dac14af (diff) | |
download | hercules-84b88781a0c39f7379ed85f74dc03c4e868a171f.tar.gz hercules-84b88781a0c39f7379ed85f74dc03c4e868a171f.tar.bz2 hercules-84b88781a0c39f7379ed85f74dc03c4e868a171f.tar.xz hercules-84b88781a0c39f7379ed85f74dc03c4e868a171f.zip |
10 Distinct fixes
Addressing out of bounds read-write.
Special Thanks to 4144, Haruna!
Signed-off-by: shennetsind <ind@henn.et>
Diffstat (limited to 'src/char')
-rw-r--r-- | src/char/pincode.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/char/pincode.c b/src/char/pincode.c index a3843ff53..e0ee9557d 100644 --- a/src/char/pincode.c +++ b/src/char/pincode.c @@ -44,7 +44,7 @@ void pincode_handle ( int fd, struct char_session_data* sd ) { void pincode_check(int fd, struct char_session_data* sd) { char pin[5] = "\0\0\0\0"; - strncpy(pin, (char*)RFIFOP(fd, 6), 4+1); + safestrncpy(pin, (char*)RFIFOP(fd, 6), sizeof(pin)); pincode->decrypt(sd->pincode_seed, pin); if( pincode->compare( fd, sd, pin ) ){ struct online_char_data* character; @@ -70,12 +70,12 @@ int pincode_compare(int fd, struct char_session_data* sd, char* pin) { void pincode_change(int fd, struct char_session_data* sd) { char oldpin[5] = "\0\0\0\0", newpin[5] = "\0\0\0\0"; - strncpy(oldpin, (char*)RFIFOP(fd,6), sizeof(oldpin)); + safestrncpy(oldpin, (char*)RFIFOP(fd,6), sizeof(oldpin)); pincode->decrypt(sd->pincode_seed,oldpin); if( !pincode->compare( fd, sd, oldpin ) ) return; - strncpy(newpin, (char*)RFIFOP(fd,10), sizeof(newpin)); + safestrncpy(newpin, (char*)RFIFOP(fd,10), sizeof(newpin)); pincode->decrypt(sd->pincode_seed,newpin); pincode->update( sd->account_id, newpin ); strncpy(sd->pincode, newpin, sizeof(sd->pincode)); @@ -85,10 +85,10 @@ void pincode_change(int fd, struct char_session_data* sd) { void pincode_setnew(int fd, struct char_session_data* sd) { char newpin[5] = "\0\0\0\0"; - strncpy(newpin, (char*)RFIFOP(fd,6), sizeof(newpin)); + safestrncpy(newpin, (char*)RFIFOP(fd,6), sizeof(newpin)); pincode->decrypt(sd->pincode_seed,newpin); pincode->update( sd->account_id, newpin ); - strncpy(sd->pincode, newpin, sizeof(sd->pincode)); + safestrncpy(sd->pincode, newpin, sizeof(sd->pincode)); pincode->sendstate( fd, sd, PINCODE_ASK ); } |