From 415860ebaeb990c0c8da27cc7aa565a137b97fe9 Mon Sep 17 00:00:00 2001
From: Andrei Karas
Date: Thu, 27 Jul 2017 01:08:15 +0300
Subject: Fix possible buffer overflows with snprintf.
---
 src/char/int_mail.c | 2 +-
 src/map/clif.c | 2 +-
 src/map/homunculus.c | 2 +-
 src/map/itemdb.c | 4 ++--
 src/map/map.c | 4 ++--
 src/map/mob.c | 8 ++++----
 src/map/npc.c | 4 ++--
 src/map/quest.c | 2 +-
 src/map/script.c | 2 +-
 src/map/status.c | 2 +-
 10 files changed, 16 insertions(+), 16 deletions(-) (limited to 'src')
diff --git a/src/char/int_mail.c b/src/char/int_mail.c
index 1d00b0fdf..7f054eda1 100644
--- a/src/char/int_mail.c
+++ b/src/char/int_mail.c
@@ -426,7 +426,7 @@ void mapif_parse_mail_return(int fd)
 safestrncpy(msg.dest_name, temp_, NAME_LENGTH);
 // set reply message title
- snprintf(temp_, MAIL_TITLE_LENGTH, "RE:%s", msg.title);
+ safesnprintf(temp_, MAIL_TITLE_LENGTH, "RE:%s", msg.title);
 safestrncpy(msg.title, temp_, MAIL_TITLE_LENGTH);
 msg.status = MAIL_NEW;
diff --git a/src/map/clif.c b/src/map/clif.c
index 905b6a3ce..bb4d53a99 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -17726,7 +17726,7 @@ void clif_cashshop_db(void) {
 if( cashshop != NULL && (cats = libconfig->setting_get_elem(cashshop, 0)) != NULL ) {
 for(i = 0; i < CASHSHOP_TAB_MAX; i++) {
 struct config_setting_t *cat;
- char entry_name[10];
+ char entry_name[15];
 sprintf(entry_name,"cat_%d",i);
diff --git a/src/map/homunculus.c b/src/map/homunculus.c
index 91a455416..ddaf3443a 100644
--- a/src/map/homunculus.c
+++ b/src/map/homunculus.c
@@ -1215,7 +1215,7 @@ void homunculus_read_db(void) {
 if( i > 0 ) {
 char filepath[256];
- snprintf(filepath, 256, "%s/%s", map->db_path, filename[i]);
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, filename[i]);
 if( !exists(filepath) ) {
 continue;
diff --git a/src/map/itemdb.c b/src/map/itemdb.c
index 9a43bae14..2b0847e1a 100644
--- a/src/map/itemdb.c
+++ b/src/map/itemdb.c
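Review bot: The bound passed in mapif_parse_mail_return is `MAIL_TITLE_LENGTH`, the limit of msg.title, not the size of `temp_`, which is the buffer actually written and is declared outside this hunk. The line above reuses `temp_` for a NAME_LENGTH copy, so the hunk alone does not establish that it holds MAIL_TITLE_LENGTH bytes. If `temp_` is a local array, `safesnprintf(temp_, sizeof(temp_), "RE:%s", msg.title);` ties the bound to the destination. The same applies to the literal `256` kept in homunculus_read_db, itemdb_read_combos, map_readallmaps, mob_readskilldb, quest_read_db and read_constdb and to `MAP_ZONE_NAME_LENGTH` in map_merge_zone, while the sprintf conversions in this commit already use `sizeof(filepath)`.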
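Review bot: The write in clif_cashshop_db is still an unbounded `sprintf(entry_name,"cat_%d",i);`, because the change only enlarges entry_name from 10 to 15 bytes, and 15 is still one byte short of the worst case for `%d` with a 32-bit int (4 prefix bytes, up to 11 digits and sign, plus the terminator). The loop keeps i below CASHSHOP_TAB_MAX, so this is unlikely to be reachable today, but the limit should be enforced by the call as in the rest of this commit: `safesnprintf(entry_name, sizeof(entry_name), "cat_%d", i);`. The function body continues outside the hunk.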
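Review bot: The result of safesnprintf is discarded in homunculus_read_db, so a db_path too long for the 256-byte buffer now produces a silently truncated path that is handed to exists() instead of an error. Assuming safesnprintf reports truncation through a negative return value (its definition is not part of this diff), the call should be checked, e.g. `if (safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename[i]) < 0) continue;` with a ShowError before the continue. The same applies to the path-building calls in itemdb_read_combos, itemdb_readdb_libconfig, map_readallmaps, mob_read_libconfig, mob_readchatdb, mob_readskilldb, quest_read_db, read_constdb and status_readdb_refine_libconfig, where the truncated path goes on to fopen or libconfig->load_file.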
@@ -1527,7 +1527,7 @@ void itemdb_read_combos(void)
 char filepath[256];
 FILE* fp;
- snprintf(filepath, 256, "%s/%s", map->db_path, DBPATH"item_combo_db.txt");
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, DBPATH"item_combo_db.txt");
 if ((fp = fopen(filepath, "r")) == NULL) {
 ShowError("itemdb_read_combos: File not found \"%s\".\n", filepath);
@@ -2231,7 +2231,7 @@ int itemdb_readdb_libconfig(const char *filename) {
 nullpo_ret(filename);
- sprintf(filepath, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename);
 if (!libconfig->load_file(&item_db_conf, filepath)) return 0;
diff --git a/src/map/map.c b/src/map/map.c
index 16d5e645d..17156f631 100644
--- a/src/map/map.c
+++ b/src/map/map.c
@@ -3741,7 +3741,7 @@ int map_readallmaps (void) {
 ShowStatus("Loading maps (using GRF files)...\n");
 else {
 char mapcachefilepath[256];
- snprintf(mapcachefilepath, 256, "%s/%s%s", map->db_path, DBPATH, "map_cache.dat");
+ safesnprintf(mapcachefilepath, 256, "%s/%s%s", map->db_path, DBPATH, "map_cache.dat");
 ShowStatus("Loading maps (using %s as map cache)...\n", mapcachefilepath);
 if( (fp = fopen(mapcachefilepath, "rb")) == NULL ) {
 ShowFatalError("Unable to open map cache file "CL_WHITE"%s"CL_RESET"\n", mapcachefilepath);
@@ -4396,7 +4396,7 @@ struct map_zone_data *map_merge_zone(struct map_zone_data *main, struct map_zone
 nullpo_retr(NULL, main);
 nullpo_retr(NULL, other);
- snprintf(newzone, MAP_ZONE_NAME_LENGTH, "%s+%s", main->name, other->name);
+ safesnprintf(newzone, MAP_ZONE_NAME_LENGTH, "%s+%s", main->name, other->name);
 if( (zone = strdb_get(map->zone_db, newzone)) ) return zone;/* this zone has already been merged */
diff --git a/src/map/mob.c b/src/map/mob.c
index 52705cf4d..98f8865a9 100644
--- a/src/map/mob.c
+++ b/src/map/mob.c
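Review bot: In map_merge_zone the formatted string is the lookup key for `strdb_get(map->zone_db, newzone)`, so truncation is not harmless here: two different zone pairs whose combined names exceed the bound can collapse to the same key, and the function then returns the zone that was merged for another pair. newzone and the name fields are declared outside the hunk, so whether `"%s+%s"` can exceed MAP_ZONE_NAME_LENGTH cannot be confirmed from these lines. If it can, the call should fail rather than continue with a shortened key, e.g. `if (safesnprintf(newzone, MAP_ZONE_NAME_LENGTH, "%s+%s", main->name, other->name) < 0) return NULL;`, assuming a negative return signals truncation and that callers already handle the NULL the nullpo_retr lines can produce.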
@@ -3350,7 +3350,7 @@ int mobskill_use(struct mob_data *md, int64 tick, int event) {
 char name[NAME_LENGTH];
 snprintf(name, sizeof name,"%s", md->name);
 strtok(name, "#"); // discard extra name identifier if present [Daegaladh]
- snprintf(temp, sizeof temp,"%s : %s", name, mc->msg);
+ safesnprintf(temp, sizeof temp,"%s : %s", name, mc->msg);
 clif->messagecolor(&md->bl, mc->color, temp);
 }
 if(!(battle_config.mob_ai&0x200)) { //pass on delay to same skill.
@@ -4494,7 +4494,7 @@ int mob_read_libconfig(const char *filename, bool ignore_missing)
 int i = 0, count = 0;
 nullpo_ret(filename);
- sprintf(filepath, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename);
 if (ignore_missing && !exists(filepath)) return 0;
@@ -4720,7 +4720,7 @@ void mob_readchatdb(void) {
 char line[1024], filepath[256];
 int i, tmp=0;
 FILE *fp;
- sprintf(filepath, "%s/%s", map->db_path, arc);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, arc);
 fp=fopen(filepath, "r");
 if(fp == NULL) {
 ShowWarning("mob_readchatdb: File not found \"%s\", skipping.\n", filepath);
@@ -5046,7 +5046,7 @@ void mob_readskilldb(void) {
 for( fi = 0; fi < ARRAYLENGTH(filename); ++fi ) {
 if(fi > 0) {
 char filepath[256];
- snprintf(filepath, 256, "%s/%s", map->db_path, filename[fi]);
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, filename[fi]);
 if(!exists(filepath)) {
 continue;
 }
diff --git a/src/map/npc.c b/src/map/npc.c
index a358fd2fb..38996a0a3 100644
--- a/src/map/npc.c
+++ b/src/map/npc.c
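Review bot: In mobskill_use only the second call is converted; two lines above it, `snprintf(name, sizeof name,"%s", md->name);` still uses plain snprintf and its output goes straight into `strtok(name, "#")`. If the reason for this commit is that snprintf can leave the destination unterminated on some builds, that call has the same exposure and strtok would then scan past the end of `name`. Converting it as well keeps the block consistent: `safesnprintf(name, sizeof name, "%s", md->name);`. `temp` is declared outside the hunk, so `sizeof temp` is only a correct bound if it is an array rather than a pointer.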
@@ -2724,10 +2724,10 @@ struct npc_data* npc_add_warp(char* name, short from_mapid, short from_x, short
 flag = 1;
 if (flag == 1)
- snprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp_%d_%d_%d", from_mapid, from_x, from_y);
+ safesnprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp_%d_%d_%d", from_mapid, from_x, from_y);
 for( i = 0; npc->name2id(nd->exname) != NULL; ++i )
- snprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp%d_%d_%d_%d", i, from_mapid, from_x, from_y);
+ safesnprintf(nd->exname, ARRAYLENGTH(nd->exname), "warp%d_%d_%d_%d", i, from_mapid, from_x, from_y);
 safestrncpy(nd->name, nd->exname, ARRAYLENGTH(nd->name));
 nd->u.warp.mapindex = to_mapindex;
diff --git a/src/map/quest.c b/src/map/quest.c
index 4e3362adb..4c5dcb59f 100644
--- a/src/map/quest.c
+++ b/src/map/quest.c
@@ -544,7 +544,7 @@ int quest_read_db(void)
 int i = 0, count = 0;
 const char *filename = "quest_db.conf";
- snprintf(filepath, 256, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, 256, "%s/%s", map->db_path, filename);
 if (!libconfig->load_file(&quest_db_conf, filepath)) return -1;
diff --git a/src/map/script.c b/src/map/script.c
index c23a335c3..31af59891 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -2296,7 +2296,7 @@ void read_constdb(void)
 struct config_setting_t *t;
 int i = 0;
- snprintf(filepath, 256, "%s/constants.conf", map->db_path);
+ safesnprintf(filepath, 256, "%s/constants.conf", map->db_path);
 if (!libconfig->load_file(&constants_conf, filepath)) return;
diff --git a/src/map/status.c b/src/map/status.c
index 7836b414d..166b33e6f 100644
--- a/src/map/status.c
+++ b/src/map/status.c
@@ -13416,7 +13416,7 @@ int status_readdb_refine_libconfig(const char *filename)
 char filepath[256];
 int i = 0, count = 0;
- sprintf(filepath, "%s/%s", map->db_path, filename);
+ safesnprintf(filepath, sizeof(filepath), "%s/%s", map->db_path, filename);
 if (!libconfig->load_file(&refine_db_conf, filepath)) return 0;
-- cgit v1.2.3-70-g09d2
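Review bot: status_readdb_refine_libconfig formats `filename` with `%s` directly after the declarations, without the `nullpo_ret(filename);` guard that itemdb_readdb_libconfig and mob_read_libconfig place before the same call in this commit. Passing a null pointer to `%s` is undefined behaviour, so the guard belongs before the safesnprintf line unless every caller is known to pass a non-null name. The start of the function is outside the hunk, so a check placed ahead of the declarations would not be visible here.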