From 84b88781a0c39f7379ed85f74dc03c4e868a171f Mon Sep 17 00:00:00 2001
From: shennetsind <ind@henn.et>
Date: Sat, 17 Jan 2015 15:59:12 -0200
Subject: 10 Distinct fixes

Addressing out of bounds read-write.
Special Thanks to 4144, Haruna!

Signed-off-by: shennetsind <ind@henn.et>
---
 src/char/pincode.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/char')

diff --git a/src/char/pincode.c b/src/char/pincode.c
index a3843ff53..e0ee9557d 100644
--- a/src/char/pincode.c
+++ b/src/char/pincode.c
@@ -44,7 +44,7 @@ void pincode_handle ( int fd, struct char_session_data* sd ) {
 void pincode_check(int fd, struct char_session_data* sd) {
 	char pin[5] = "\0\0\0\0";
 
-	strncpy(pin, (char*)RFIFOP(fd, 6), 4+1);
+	safestrncpy(pin, (char*)RFIFOP(fd, 6), sizeof(pin));
 	pincode->decrypt(sd->pincode_seed, pin);
 	if( pincode->compare( fd, sd, pin ) ){
 		struct online_char_data* character;
@@ -70,12 +70,12 @@ int pincode_compare(int fd, struct char_session_data* sd, char* pin) {
 void pincode_change(int fd, struct char_session_data* sd) {
 	char oldpin[5] = "\0\0\0\0", newpin[5] = "\0\0\0\0";
 
-	strncpy(oldpin, (char*)RFIFOP(fd,6), sizeof(oldpin));
+	safestrncpy(oldpin, (char*)RFIFOP(fd,6), sizeof(oldpin));
 	pincode->decrypt(sd->pincode_seed,oldpin);
 	if( !pincode->compare( fd, sd, oldpin ) )
 		return;
 
-	strncpy(newpin, (char*)RFIFOP(fd,10), sizeof(newpin));
+	safestrncpy(newpin, (char*)RFIFOP(fd,10), sizeof(newpin));
 	pincode->decrypt(sd->pincode_seed,newpin);
 	pincode->update( sd->account_id, newpin );
 	strncpy(sd->pincode, newpin, sizeof(sd->pincode));
@@ -85,10 +85,10 @@ void pincode_change(int fd, struct char_session_data* sd) {
 void pincode_setnew(int fd, struct char_session_data* sd) {
 	char newpin[5] = "\0\0\0\0";
 
-	strncpy(newpin, (char*)RFIFOP(fd,6), sizeof(newpin));
+	safestrncpy(newpin, (char*)RFIFOP(fd,6), sizeof(newpin));
 	pincode->decrypt(sd->pincode_seed,newpin);
 	pincode->update( sd->account_id, newpin );
-	strncpy(sd->pincode, newpin, sizeof(sd->pincode));
+	safestrncpy(sd->pincode, newpin, sizeof(sd->pincode));
 	pincode->sendstate( fd, sd, PINCODE_ASK );
 }
 
-- 
cgit v1.2.3-60-g2f50