diff options
author | Helmut Grohne <helmut@subdivi.de> | 2010-01-19 20:24:19 +0100 |
---|---|---|
committer | Jared Adams <jaxad0127@gmail.com> | 2010-01-19 18:39:39 +0000 |
commit | 67e82f1a0bc2a9078cfe11e0add190fa7cc4b891 (patch) | |
tree | ec2f2134d4c6b1a037c18fb65bdd3ef18a4efb8e /src/map/npc.c | |
parent | abe96e3b05a99a984d6f00098f1aa9759814b542 (diff) | |
download | tmwa-67e82f1a0bc2a9078cfe11e0add190fa7cc4b891.tar.gz tmwa-67e82f1a0bc2a9078cfe11e0add190fa7cc4b891.tar.bz2 tmwa-67e82f1a0bc2a9078cfe11e0add190fa7cc4b891.tar.xz tmwa-67e82f1a0bc2a9078cfe11e0add190fa7cc4b891.zip |
fixed a few buffer overruns
strncpy does not always terminate strings. Unterminated strings
(without a length) are bad. So better terminate them.
Diffstat (limited to 'src/map/npc.c')
-rw-r--r-- | src/map/npc.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/map/npc.c b/src/map/npc.c index 49fe578..4ff5ba2 100644 --- a/src/map/npc.c +++ b/src/map/npc.c @@ -321,7 +321,8 @@ int npc_event_doall_l (const char *name, int rid, int argc, argrec_t * args) int c = 0; char buf[64] = "::"; - strncpy (buf + 2, name, 62); + strncpy (buf + 2, name, sizeof(buf)-3); + buf[sizeof(buf)-1] = '\0'; strdb_foreach (ev_db, npc_event_doall_sub, &c, buf, rid, argc, args); return c; } @@ -1477,7 +1478,8 @@ int npc_convertlabel_db (void *key, void *data, va_list ap) * (num + 1)); *p = '\0'; - strncpy (lst[num].name, lname, 24); + strncpy (lst[num].name, lname, sizeof(lst[num].name)-1); + lst[num].name[sizeof(lst[num].name)-1] = '\0'; *p = ':'; lst[num].pos = pos; nd->u.scr.label_list = lst; @@ -1856,7 +1858,7 @@ static int npc_parse_function (char *w1, char *w2, char *w3, char *w4, p = (char *) aCalloc (50, sizeof (char)); - strncpy (p, w3, 50); + strncpy (p, w3, 49); strdb_insert (script_get_userfunc_db (), p, script); // label_db=script_get_label_db(); |