From d0725afa8363b5f7b0612e087b48013d39339039 Mon Sep 17 00:00:00 2001
From: shennetsind
Date: Sun, 18 Jan 2015 11:37:45 -0200
Subject: Fixing 38 issues

Addressing out of bounds read/write, pointless null checks on already deferenced variables, dead code. Special Thanks to 4144 and Haruna!
Signed-off-by: shennetsind
---
 src/common/console.c | 2 +-
 src/common/mapindex.c | 3 ++-
 src/common/utils.c | 21 ++++++++++++---------
 3 files changed, 15 insertions(+), 11 deletions(-)
(limited to 'src/common')
diff --git a/src/common/console.c b/src/common/console.c
index d9567a313..97ca0650e 100644
--- a/src/common/console.c
+++ b/src/common/console.c
@@ -382,7 +382,7 @@ void console_parse_sub(char *line) {
 return; } else cmd = cmd->u.next[i];
- len += snprintf(sublist + len,CP_CMD_LENGTH * 5,":%s", cmd->cmd);
+ len += snprintf(sublist + len,(CP_CMD_LENGTH * 5) - len,":%s", cmd->cmd);
 }
 ShowError("Is only a category, type '"CL_WHITE"%s help"CL_RESET"' to list its subcommands\n",sublist);
 }
diff --git a/src/common/mapindex.c b/src/common/mapindex.c
index 0d8a69726..2264721fa 100644
--- a/src/common/mapindex.c
+++ b/src/common/mapindex.c
@@ -48,7 +48,7 @@ const char* mapindex_getmapname_ext(const char* string, char* output) {
 size_t len;
- strcpy(buf,string);
+ safestrncpy(buf,string, sizeof(buf));
 sscanf(string, "%*[^#]%*[#]%15s", buf);
 len = safestrnlen(buf, MAP_NAME_LENGTH);
@@ -154,6 +154,7 @@ int mapindex_init(void) {
 switch (sscanf(line, "%12s\t%d", map_name, &index)) {
 case 1: //Map with no ID given, auto-assign
 index = last_index+1;
+ /* Fall through */
 case 2: //Map with ID given
 mapindex->addmap(index,map_name);
 total++;
diff --git a/src/common/utils.c b/src/common/utils.c
index 5688362de..5ede86296 100644
--- a/src/common/utils.c
+++ b/src/common/utils.c
@@ -19,6 +19,7 @@
 #include "../common/mmo.h"
 #include "../common/showmsg.h"
 #include "../common/socket.h"
+#include "../common/strlib.h"
 #ifdef WIN32
 # include "../common/winapi.h"
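Review bot: In the console.c hunk, the new size argument `(CP_CMD_LENGTH * 5) - len` is only safe while `len` stays below the buffer size, and nothing visible in the hunk guarantees that. snprintf returns the length the output would have had, so after one truncated write `len` can exceed the capacity; the next call then gets an out-of-range pointer `sublist + len` and a size that is negative or, once converted to size_t, very large. Check the return value before accumulating: `int n = snprintf(sublist + len, (CP_CMD_LENGTH * 5) - len, ":%s", cmd->cmd);`, then stop appending when `n < 0 || n >= (CP_CMD_LENGTH * 5) - len`, and only otherwise do `len += n;`. The declarations of `sublist` and `len` are outside the hunk, so this assumes `sublist` holds CP_CMD_LENGTH * 5 bytes and `len` is a signed int.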
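Review bot: In the first mapindex.c hunk, the `%15s` width in the `sscanf` that follows the new `safestrncpy(buf,string, sizeof(buf))` is a second, hard-coded bound on the same buffer, and nothing ties it to `sizeof(buf)`. `%15s` stores up to 16 bytes including the terminator, so the overflow this commit removes can return if `buf` is ever declared smaller. `sizeof(buf)` also yields the buffer size only while `buf` is an array in this scope, and its declaration is outside the hunk. I would add a comment above the two calls such as `/* buf must be an array of at least 16 bytes: %15s below stores 15 chars plus NUL */`. The function body continues past the hunk.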
@@ -156,16 +157,18 @@ static char* checkpath(char *path, const char*srcpath)
 { // just make sure the char*path is not const
 char *p=path;
- if(NULL!=path && NULL!=srcpath)
- while(*srcpath) {
- if (*srcpath=='\\') {
- *p++ = '/';
- srcpath++;
+
+ if(NULL!=path && NULL!=srcpath) {
+ while(*srcpath) {
+ if (*srcpath=='\\') {
+ *p++ = '/';
+ srcpath++;
+ }
+ else
+ *p++ = *srcpath++;
 }
- else
- *p++ = *srcpath++;
+ *p = *srcpath; //EOS
 }
- *p = *srcpath; //EOS
 return path;
 }
@@ -177,7 +180,7 @@ void findfile(const char *p, const char *pat, void (func)(const char*))
 char tmppath[MAX_DIR_PATH+1];
 char path[MAX_DIR_PATH+1]= ".";
 const char *pattern = (pat==NULL)? "" : pat;
- if(p!=NULL) strcpy(path,p);
+ if(p!=NULL) safestrncpy(path,p,sizeof(path));
 // open the directory for reading
 dir = opendir( checkpath(path, path) );
-- cgit v1.2.3-70-g09d2
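Review bot: `checkpath` still writes to `path` with no size parameter, so the NULL guard added in this hunk does not bound the copy; every caller has to supply a destination of at least `strlen(srcpath) + 1` bytes. The one call visible in this patch, `checkpath(path, path)` in findfile, rewrites the buffer in place and is fine, but other callers are not visible here. A header comment stating the contract would help, e.g. `/* Copies srcpath into path, replacing backslashes with '/'. path must hold strlen(srcpath)+1 bytes or alias srcpath. Returns path; writes nothing if either pointer is NULL. */`. As a style point, the two branches of the inner `if` could collapse to `*p++ = (*srcpath == '\\') ? '/' : *srcpath;` followed by `srcpath++;`.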
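Review bot: In the findfile hunk, `safestrncpy(path,p,sizeof(path))` presumably truncates silently, so a `p` longer than MAX_DIR_PATH would make `opendir` scan a different, shorter path than the caller asked for. That is safer than the strcpy it replaces, but walking an unintended directory is still worth rejecting up front. Add a length check before the copy, e.g. `if (p != NULL && strlen(p) >= sizeof(path)) { ShowError("findfile: path too long\n"); return; }` (the message text is only a suggestion). The rest of findfile, including how `tmppath` is filled, is outside the hunk and deserves the same look.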