From 3c6f9eb913c643872f00fcd6d01bd3dc4c8b15fb Mon Sep 17 00:00:00 2001
From: Haru
Date: Tue, 13 Feb 2018 01:29:48 +0100
Subject: Fix unterminated strings in ZC_BATTLEFIELD_CHAT
Follow-up to #1890 (targeting the clients that were excluded)
The unterminated string could cause client crashes or trailing garbage to be displayed when receiving a battlegrounds chat message, on various client versions.
Signed-off-by: Haru
---
src/map/clif.c | 21 +++++++++------------
1 file changed, 9 insertions(+), 12 deletions(-)
(limited to 'src/map')
diff --git a/src/map/clif.c b/src/map/clif.c
index 6e1cb4cf7..7c314b075 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -16566,18 +16566,15 @@ void clif_bg_message(struct battleground_data *bgd, int src_id, const char *name
 return;
 len = (int)strlen(mes);
-#if PACKETVER <= 20120716
- len += 1;
-#endif
- Assert_retv(len <= INT16_MAX - NAME_LENGTH - 8);
- buf = (unsigned char*)aMalloc((len + NAME_LENGTH + 8)*sizeof(unsigned char));
-
- WBUFW(buf,0) = 0x2dc;
- WBUFW(buf,2) = len + NAME_LENGTH + 8;
- WBUFL(buf,4) = src_id;
- memcpy(WBUFP(buf,8), name, NAME_LENGTH);
- memcpy(WBUFP(buf,32), mes, len); // [!] no NUL terminator
- clif->send(buf,WBUFW(buf,2), &sd->bl, BG);
+ Assert_retv(len <= INT16_MAX - NAME_LENGTH - 9);
+ buf = (unsigned char *)aCalloc(len + NAME_LENGTH + 9, sizeof(unsigned char));
+
+ WBUFW(buf, 0) = 0x2dc;
+ WBUFW(buf, 2) = len + NAME_LENGTH + 9;
+ WBUFL(buf, 4) = src_id;
+ safestrncpy(WBUFP(buf, 8), name, NAME_LENGTH);
+ safestrncpy(WBUFP(buf, 32), mes, len + 1);
+ clif->send(buf, WBUFW(buf, 2), &sd->bl, BG);
 aFree(buf);
 }
--
cgit v1.2.3-60-g2f50
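Review bot: The message is still written at the literal offset 32 in `safestrncpy(WBUFP(buf, 32), mes, len + 1);`, while the allocation and the length field are both derived from `NAME_LENGTH + 9`, so the write stays inside the buffer only while NAME_LENGTH is 24 (its definition is not visible in this hunk). Deriving the offset from the same constant keeps the two in step: `safestrncpy(WBUFP(buf, 8 + NAME_LENGTH), mes, len + 1);`. Separately, the only size guard is `Assert_retv(len <= INT16_MAX - NAME_LENGTH - 9)` applied to an `(int)strlen(mes)` value. If that macro can be compiled out in some build configurations, the 16-bit length written at offset 2 would be silently truncated for an over-long `mes`, so it is worth confirming the macro's definition or using a plain `if (...) return;` here. The start of clif_bg_message, including where `mes` comes from, lies outside the hunk.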