From 16f6df0c89cb08e44654e3930478682dbb24b2b3 Mon Sep 17 00:00:00 2001 From: Haru Date: Wed, 16 Oct 2013 05:45:01 +0200 Subject: Fixed a variable going out of scope causing an invalid pointer access - Follow-up to 20bdc01fa687b174a732be4483ddea4982d67ce9 - The issue was found thanks to gcc 4.7.3 on a 32 bit linux system, where the issue became evident and caused all sorts of parsing errors on argument-less command functions such as 'end', 'close', 'next', etc - Special thanks to Ind for quickly pointing me to the right place! Signed-off-by: Haru --- src/map/script.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/map/script.c b/src/map/script.c index dbd64536e..deafe83d6 100644 --- a/src/map/script.c +++ b/src/map/script.c @@ -610,16 +610,16 @@ const char* parse_callfunc(const char* p, int require_paren, int is_custom) { const char *p2; char *arg = NULL; + char null_arg = '\0'; int func; func = script->add_word(p); if( script->str_data[func].type == C_FUNC ){ - char argT = 0; // buildin function script->addl(func); script->addc(C_ARG); arg = script->buildin[script->str_data[func].val]; - if( !arg ) arg = &argT; + if( !arg ) arg = &null_arg; // Use a dummy, null string } else if( script->str_data[func].type == C_USERFUNC || script->str_data[func].type == C_USERFUNC_POS ){ // script defined function script->addl(script->buildin_callsub_ref); -- cgit v1.2.3-70-g09d2 From cee30749f018d1018878cf55b1f4550a95bd9ff7 Mon Sep 17 00:00:00 2001 From: Haru Date: Wed, 16 Oct 2013 06:04:42 +0200 Subject: Follow-up to fad3040499293b1ff4ff634680163fcab4ca5e70 - Corrected token length limit detection when the token is shorter than 32 characters. Special thanks to Lemongrass3110. Signed-off-by: Haru --- src/login/login.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/login.c b/src/login/login.c index f81ee30c7..7de5dbb76 100644 --- a/src/login/login.c +++ b/src/login/login.c @@ -1404,7 +1404,7 @@ int parse_login(int fd) } safestrncpy(username, accname, NAME_LENGTH); - safestrncpy(password, token, PASSWD_LEN); + safestrncpy(password, token, min(uTokenLen+1, PASSWD_LEN)); // Variable-length field, don't copy more than necessary clienttype = RFIFOB(fd, 8); } else -- cgit v1.2.3-70-g09d2