From 792e9de933b8d85ab486e9ddbc3e545b04ddea08 Mon Sep 17 00:00:00 2001 From: ultramage Date: Tue, 18 Dec 2007 22:06:36 +0000 Subject: Fixed a possible buffer overflow in @partyoption code. git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@11947 54d463be-8e91-2dee-dedb-b68131a5f0ec --- Changelog-Trunk.txt | 1 + src/map/atcommand.c | 13 ++++++------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index e146ea5e7..cd6c93f73 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK. 2007/12/18 + * Fixed a possible buffer overflow in @partyoption [ultramage] * Updated respawn time interpretation according to latest kRO update [Playtester] - this first time is the "min respawn time" - the second time is the "variance" which is added to the "min respawn time" diff --git a/src/map/atcommand.c b/src/map/atcommand.c index 1a6e9509b..b90d2c6b6 100644 --- a/src/map/atcommand.c +++ b/src/map/atcommand.c @@ -6012,7 +6012,7 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char* { struct party_data *p; int mi, option; - char w1[15], w2[15]; + char w1[16], w2[16]; nullpo_retr(-1, sd); if (sd->status.party_id == 0 || (p = party_search(sd->status.party_id)) == NULL) @@ -6020,9 +6020,8 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char* clif_displaymessage(fd, msg_txt(282)); return -1; } - - for (mi = 0; mi < MAX_PARTY && p->data[mi].sd != sd; mi++); - + + ARR_FIND( 0, MAX_PARTY, mi, p->data[mi].sd == sd ); if (mi == MAX_PARTY) return -1; //Shouldn't happen @@ -6031,15 +6030,15 @@ int atcommand_partyoption(const int fd, struct map_session_data* sd, const char* clif_displaymessage(fd, msg_txt(282)); return -1; } - + if(!message || !*message || sscanf(message, "%15s %15s", w1, w2) < 2) { clif_displaymessage(fd, "Command usage: @changeoption "); return -1; } - w1[14] = w2[14] = '\0'; //Assure a proper string terminator. + option = (config_switch(w1)?1:0)|(config_switch(w2)?2:0); - + //Change item share type. if (option != p->party.item) party_changeoption(sd, p->party.exp, option); -- cgit v1.2.3-70-g09d2