author | Haru <haru@dotalux.com> | 2015-12-22 03:29:39 +0100 |
---|---|---|
committer | Haru <haru@dotalux.com> | 2015-12-22 04:11:51 +0100 |
commit | b5021bf40bb1d0a6d38d7b85789703dc12a26180 (patch) | |
tree | ad1d079c81e01f6a79552fff044f460b15d75632 /src/map/intif.c | |
parent | ce6eafb3ec39bf38384a944531b63abf452c80fe (diff) | |
Ensured 32+1 bytes for all buffers that hold variable names
Related: #865, #866, #867
Signed-off-by: Haru <haru@dotalux.com>
Diffstat (limited to 'src/map/intif.c')
-rw-r--r-- | src/map/intif.c | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/map/intif.c b/src/map/intif.c
index 06b910d54..8066d07b9 100644
--- a/src/map/intif.c
+++ b/src/map/intif.c
@@ -1077,8 +1077,8 @@ void intif_parse_Registers(int fd)
 /* have it not complain about insertion of vars before loading, and not set those vars as new or modified */
 pc->reg_load = true;
- if( RFIFOW(fd, 14) ) {
- char key[32];
+ if (RFIFOW(fd, 14) != 0) {
+ char key[SCRIPT_VARNAME_LENGTH+1];
 unsigned int index;
 int max = RFIFOW(fd, 14), cursor = 16, i;
@@ -1091,16 +1091,18 @@ void intif_parse_Registers(int fd)
 * { keyLength(B), key(<keyLength>), index(L), valLength(B), val(<valLength>) }
 **/
 if (type) {
- for(i = 0; i < max; i++) {
- char sval[254];
- safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor));
- cursor += RFIFOB(fd, cursor) + 1;
+ char sval[254];
+ for (i = 0; i < max; i++) {
+ int len = RFIFOB(fd, cursor);
+ safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(key), len));
+ cursor += len + 1;
 index = RFIFOL(fd, cursor);
 cursor += 4;
- safestrncpy(sval, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor));
- cursor += RFIFOB(fd, cursor) + 1;
+ len = RFIFOB(fd, cursor);
+ safestrncpy(sval, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(sval), len));
+ cursor += len + 1;
 script->set_reg(NULL,sd,reference_uid(script->add_str(key), index), key, (void*)sval, NULL);
 }
@@ -1111,10 +1113,12 @@ void intif_parse_Registers(int fd)
 * { keyLength(B), key(<keyLength>), index(L), value(L) }
 **/
 } else {
- for(i = 0; i < max; i++) {
+ for (i = 0; i < max; i++) {
 int ival;
- safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor));
- cursor += RFIFOB(fd, cursor) + 1;
+
+ int len = RFIFOB(fd, cursor);
+ safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(key), len));
+ cursor += len + 1;
 index = RFIFOL(fd, cursor);
 cursor += 4; |
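Review bot: In the first hunk, `max` and `cursor` (`int max = RFIFOW(fd, 14), cursor = 16, i;`) are taken from the packet, and nothing visible in these hunks compares `cursor` with the packet's length before the loops in the second and third hunks read at it. The commit bounds the destination buffers, but the source side is still driven by the entry count and the per-entry length bytes, so a malformed packet could make `RFIFOB`/`RFIFOL`/`RFIFOP` read past the received data. A per-iteration guard such as `if (cursor + 1 + len > packet_len) break;` would cover it, where `packet_len` is a placeholder for the packet's length field, which is not shown here. The body of intif_parse_Registers starts and ends outside the hunks, so such a check may already exist elsewhere in the function.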
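Review bot: In the string loop of the second hunk, and on the same lines of the third hunk's integer loop, clamping with `min((int)sizeof(key), len)` bounds the copy but leaves two cases unhandled. When `len` is 0 the size passed to `safestrncpy` is 0; its definition is not on this page, but if it writes nothing for a zero size, `key` keeps the previous entry's name (or is uninitialized on the first pass) and is still passed to `script->add_str(key)`. When `len` exceeds `sizeof(key)` the name is silently truncated, so the value is stored under a different variable name than the one sent. Rejecting the entry up front makes both cases explicit: `if (len <= 0 || len > (int)sizeof(key)) { /* warn and stop parsing */ break; }`.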