From b1d22b02963b16c4edcce0cd5d2bc521d97348f9 Mon Sep 17 00:00:00 2001
From: skotlex <skotlex@54d463be-8e91-2dee-dedb-b68131a5f0ec>
Date: Sun, 1 Apr 2007 21:15:17 +0000
Subject: - Reviewed atcommand.c and charcommand.c to make sure there's no
 scanf where a string argument is specified without a size limit.

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@10111 54d463be-8e91-2dee-dedb-b68131a5f0ec
---
 src/map/atcommand.c   | 28 +++++++++++-----------------
 src/map/charcommand.c |  8 ++++----
 2 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index 1b12d336c..15057e75e 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -879,7 +879,7 @@ AtCommandType atcommand(struct map_session_data* sd, const int level, const char
 		int i = 0;
 		memset(info, 0, sizeof(AtCommandInfo));
 		sscanf(p, "%100s", command);
-		command[sizeof(command)-1] = '\0';
+		command[100] = '\0';
 
 		while (atcommand_info[i].type != AtCommand_Unknown) {
 			if (strcmpi(command+1, atcommand_info[i].command+1) == 0 && level >= atcommand_info[i].level) {
@@ -1411,14 +1411,11 @@ int atcommand_jumpto(const int fd, struct map_session_data* sd, const char* comm
 
 	nullpo_retr(-1, sd);
 
-	if (!message || !*message || sscanf(message, "%99[^\n]", atcmd_player_name) < 1) {
+	if (!message || !*message || sscanf(message, "%23[^\n]", atcmd_player_name) < 1) {
 		clif_displaymessage(fd, "Please, enter a player name (usage: @jumpto/@warpto/@goto <char name>).");
 		return -1;
 	}
 
-	memset(atcmd_player_name, '\0', sizeof atcmd_player_name);
-	if (sscanf(message, "%23[^\n]", atcmd_player_name) < 1)
-		return -1;
 	if(strncmp(sd->status.name,atcmd_player_name,NAME_LENGTH)==0) //Yourself mate? Tsk tsk tsk.
 		return -1;
 
@@ -4369,9 +4366,6 @@ int atcommand_recall(const int fd, struct map_session_data* sd, const char* comm
 		return -1;
 	}
 
-	memset(atcmd_player_name, '\0', sizeof atcmd_player_name);
-	if(sscanf(message, "%23[^\n]", atcmd_player_name) < 1)
-		return -1;
 	if(strncmp(sd->status.name,atcmd_player_name,NAME_LENGTH)==0)
 		return -1;
 
@@ -4442,7 +4436,7 @@ int atcommand_char_block(const int fd, struct map_session_data* sd, const char*
 
 	memset(atcmd_player_name, '\0', sizeof(atcmd_player_name));
 
-	if (!message || !*message || sscanf(message, "%99[^\n]", atcmd_player_name) < 1) {
+	if (!message || !*message || sscanf(message, "%23[^\n]", atcmd_player_name) < 1) {
 		clif_displaymessage(fd, "Please, enter a player name (usage: @charblock/@block <name>).");
 		return -1;
 	}
@@ -4487,7 +4481,7 @@ int atcommand_char_ban(const int fd, struct map_session_data* sd, const char* co
 	memset(atcmd_output, '\0', sizeof(atcmd_output));
 	memset(atcmd_player_name, '\0', sizeof(atcmd_player_name));
 
-	if (!message || !*message || sscanf(message, "%s %99[^\n]", atcmd_output, atcmd_player_name) < 2) {
+	if (!message || !*message || sscanf(message, "%199s %99[^\n]", atcmd_output, atcmd_player_name) < 2) {
 		clif_displaymessage(fd, "Please, enter ban time and a player name (usage: @charban/@ban/@banish/@charbanish <time> <name>).");
 		return -1;
 	}
@@ -6105,7 +6099,7 @@ int atcommand_chardelitem(const int fd, struct map_session_data* sd, const char*
 
 	if (!message || !*message || (
 		sscanf(message, "\"%99[^\"]\" %d %99[^\n]", item_name, &number, atcmd_player_name) < 3 &&
-		sscanf(message, "%s %d %99[^\n]", item_name, &number, atcmd_player_name) < 3
+		sscanf(message, "%99s %d %99[^\n]", item_name, &number, atcmd_player_name) < 3
 	) || number < 1) {
 		clif_displaymessage(fd, "Please, enter an item name/id, a quantity and a player name (usage: @chardelitem <item_name_or_ID> <quantity> <player>).");
 		return -1;
@@ -6292,7 +6286,7 @@ int atcommand_jailfor(const int fd, struct map_session_data* sd, const char* com
 	short m_index = 0;
 	nullpo_retr(-1, sd);
 
-	if (!message || !*message || sscanf(message, "%s %99[^\n]",atcmd_output,atcmd_player_name) < 2) {
+	if (!message || !*message || sscanf(message, "%199s %99[^\n]",atcmd_output,atcmd_player_name) < 2) {
 		clif_displaymessage(fd, msg_txt(400));  //Usage: @jailfor <time> <character name>
 		return -1;
 	}
@@ -6431,7 +6425,7 @@ int atcommand_charjailtime(const int fd, struct map_session_data* sd, const char
 
 	nullpo_retr(-1, sd);
 
-	if (!message || !*message || sscanf(message, "%[^\n]", atcmd_player_name) < 1) {
+	if (!message || !*message || sscanf(message, "%23[^\n]", atcmd_player_name) < 1) {
 		clif_displaymessage(fd, "Please, enter a player name (usage: @charjailtime <character name>).");
 		return -1;
 	}
@@ -6656,7 +6650,7 @@ int atcommand_chardisguise(const int fd, struct map_session_data* sd, const char
 	memset(atcmd_player_name, '\0', sizeof(atcmd_player_name));
 	memset(mob_name, '\0', sizeof(mob_name));
 
-	if (!message || !*message || sscanf(message, "%s %23[^\n]", mob_name, atcmd_player_name) < 2) {
+	if (!message || !*message || sscanf(message, "%23s %23[^\n]", mob_name, atcmd_player_name) < 2) {
 		clif_displaymessage(fd, "Please, enter a Monster/NPC name/id and a player name (usage: @chardisguise <monster_name_or_monster_ID> <char name>).");
 		return -1;
 	}
@@ -7012,7 +7006,7 @@ int atcommand_addwarp(const int fd, struct map_session_data* sd, const char* com
 	if (!message || !*message)
 		return -1;
 
-	if (sscanf(message, "%99s %d %d[^\n]", atcmd_player_name, &x, &y ) < 3)
+	if (sscanf(message, "%23s %d %d[^\n]", atcmd_player_name, &x, &y ) < 3)
 		return -1;
 
 	sprintf(w1,"%s,%d,%d", mapindex_id2name(sd->mapindex), sd->bl.x, sd->bl.y);
@@ -7227,7 +7221,7 @@ int atcommand_useskill(const int fd, struct map_session_data* sd, const char* co
 	struct block_list *bl;
 	int skillnum;
 	int skilllv;
-	char target[255];
+	char target[100];
 	nullpo_retr(-1, sd);
 
 	if (!message || !*message)
@@ -8159,7 +8153,7 @@ int atcommand_adjcmdlvl(const int fd, struct map_session_data* sd, const char* c
 	char cmd[100];
 	nullpo_retr(-1, sd);
 
-	if (!message || !*message || sscanf(message, "%d %100s", &newlev, cmd) != 2)
+	if (!message || !*message || sscanf(message, "%d %99s", &newlev, cmd) != 2)
 	{
 		clif_displaymessage(fd, "Usage: @adjcmdlvl <lvl> <command>.");
 		return -1;
diff --git a/src/map/charcommand.c b/src/map/charcommand.c
index f241148c3..e826d42b8 100644
--- a/src/map/charcommand.c
+++ b/src/map/charcommand.c
@@ -224,7 +224,7 @@ CharCommandType charcommand(struct map_session_data* sd, const int level, const
 		int i = 0;
 		memset(info, 0, sizeof(CharCommandInfo));
 		sscanf(p, "%100s", command);
-		command[sizeof(command)-1] = '\0';
+		command[100] = '\0';
 
 		while (charcommand_info[i].type != CharCommand_Unknown) {
 			if (strcmpi(command+1, charcommand_info[i].command+1) == 0 && level >= charcommand_info[i].level) {
@@ -891,16 +891,16 @@ charcommand_effect(const int fd, struct map_session_data* sd,
 	const char* command, const char* message)
 {
 	struct map_session_data *pl_sd = NULL;
-	char target[255];
+	char target[NAME_LENGTH];
 	int type = 0;
 	nullpo_retr(-1, sd);
 
-	if (!message || !*message || sscanf(message, "%d %s", &type, target) != 2) {
+	if (!message || !*message || sscanf(message, "%d %23s", &type, target) != 2) {
 		clif_displaymessage(fd, "usage: #effect <type+> <target>.");
 		return -1;
 	}
 
-	if((pl_sd=map_nick2sd((char *) target)) == NULL)
+	if((pl_sd=map_nick2sd(target)) == NULL)
 		return -1;
 
 	clif_specialeffect(&pl_sd->bl, type, AREA);
-- 
cgit v1.2.3-70-g09d2