From ed8fac40e2d6cbf11b9a4a1a8182cd28871e3e6d Mon Sep 17 00:00:00 2001 From: Andrei Karas Date: Thu, 3 May 2018 04:31:43 +0300 Subject: Fix overflow in map zones. --- src/map/map.c | 14 ++++++++------ src/map/map.h | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/map/map.c b/src/map/map.c index 90b304865..8386b3c3d 100644 --- a/src/map/map.c +++ b/src/map/map.c @@ -5119,11 +5119,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) { } } else if (!strcmpi(flag,"adjust_unit_duration")) { int skill_id, k; - char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; - size_t len = strlen(params); + char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; + size_t len; modifier[0] = '\0'; - memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH); + safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH); + len = strlen(skill_name); for(k = 0; k < len; k++) { if( skill_name[k] == '\t' ) { @@ -5152,11 +5153,12 @@ bool map_zone_mf_cache(int m, char *flag, char *params) { } } else if (!strcmpi(flag,"adjust_skill_damage")) { int skill_id, k; - char skill_name[MAP_ZONE_MAPFLAG_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; - size_t len = strlen(params); + char skill_name[MAX_SKILL_NAME_LENGTH], modifier[MAP_ZONE_MAPFLAG_LENGTH]; + size_t len; modifier[0] = '\0'; - memcpy(skill_name, params, MAP_ZONE_MAPFLAG_LENGTH); + safestrncpy(skill_name, params, MAX_SKILL_NAME_LENGTH); + len = strlen(skill_name); for(k = 0; k < len; k++) { if( skill_name[k] == '\t' ) { diff --git a/src/map/map.h b/src/map/map.h index d6afdc160..0618b0da8 100644 --- a/src/map/map.h +++ b/src/map/map.h @@ -740,7 +740,7 @@ enum map_zone_merge_type { #define MAP_ZONE_BG_NAME "Battlegrounds" #define MAP_ZONE_CVC_NAME "CvC" #define MAP_ZONE_PK_NAME "PK Mode" -#define MAP_ZONE_MAPFLAG_LENGTH 50 +#define MAP_ZONE_MAPFLAG_LENGTH 65 struct map_zone_data { char name[MAP_ZONE_NAME_LENGTH];/* 20'd */ -- cgit v1.2.3-60-g2f50