diff options
author | Haru <haru@dotalux.com> | 2015-12-22 03:29:39 +0100 |
---|---|---|
committer | Haru <haru@dotalux.com> | 2015-12-22 04:11:51 +0100 |
commit | b5021bf40bb1d0a6d38d7b85789703dc12a26180 (patch) | |
tree | ad1d079c81e01f6a79552fff044f460b15d75632 /src/char | |
parent | ce6eafb3ec39bf38384a944531b63abf452c80fe (diff) | |
download | hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.tar.gz hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.tar.bz2 hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.tar.xz hercules-b5021bf40bb1d0a6d38d7b85789703dc12a26180.zip |
Ensured 32+1 bytes for all buffers that hold variable names
Related: #865, #866, #867
Signed-off-by: Haru <haru@dotalux.com>
Diffstat (limited to 'src/char')
-rw-r--r-- | src/char/inter.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/char/inter.c b/src/char/inter.c index 5b81a4732..87ecb4e6a 100644 --- a/src/char/inter.c +++ b/src/char/inter.c @@ -1186,7 +1186,7 @@ int mapif_parse_Registry(int fd) if( count ) { int cursor = 14, i; - char key[32], sval[254]; + char key[SCRIPT_VARNAME_LENGTH+1], sval[254]; bool isLoginActive = sockt->session_is_active(chr->login_fd); if( isLoginActive ) @@ -1194,8 +1194,9 @@ int mapif_parse_Registry(int fd) for(i = 0; i < count; i++) { unsigned int index; - safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor)); - cursor += RFIFOB(fd, cursor) + 1; + int len = RFIFOB(fd, cursor); + safestrncpy(key, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(key), len)); + cursor += len + 1; index = RFIFOL(fd, cursor); cursor += 4; @@ -1211,8 +1212,9 @@ int mapif_parse_Registry(int fd) break; /* str */ case 2: - safestrncpy(sval, (char*)RFIFOP(fd, cursor + 1), RFIFOB(fd, cursor)); - cursor += RFIFOB(fd, cursor) + 1; + len = RFIFOB(fd, cursor); + safestrncpy(sval, (char*)RFIFOP(fd, cursor + 1), min((int)sizeof(sval), len)); + cursor += len + 1; inter->savereg(account_id,char_id,key,index,(intptr_t)sval,true); break; case 3: |