Changeset 545


Timestamp:
Apr 28, 2011, 1:07:43 AM (6 years ago)
Author:
Sam Hocevar
Message:

core: fix a few security issues caused by unchecked string operations,
reported in ticket #25.

Location:
abuse/trunk/src
Files:
3 edited

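--- a/abuse/trunk/src/dev.cpp
+++ b/abuse/trunk/src/dev.cpp
@@ -867,5 +867,6 @@
     {
       i++;
-      strcpy(level_file,argv[i]);
+      strncpy(level_file, argv[i], sizeof(level_file) - 1);
+      level_file[sizeof(level_file) - 1] = '\0';
     } else if (!strcmp(argv[i],"-2"))
       start_doubled=1;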
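Review bot: `argv[i]` is read right after `i++` with no check, visible in this hunk, that another argument follows; if the option is the last word on the command line, `argv[i]` is the terminating null pointer and `strncpy` reads through it. A guard such as `if (i >= argc) { /* report the missing value and stop */ }` before the copy would close that, assuming the argument count is available here as `argc`; the enclosing loop and its condition are outside the hunk, so this may already be handled there. The same pattern appears in innet.cpp (new line 90) and loader2.cpp (new line 327). `sizeof(level_file)` gives the buffer size only if `level_file` is declared as an array, which the hunk does not show.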
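--- a/abuse/trunk/src/innet.cpp
+++ b/abuse/trunk/src/innet.cpp
@@ -88,5 +88,8 @@
         {
             i++;
-            strcpy( main_net_cfg->server_name, argv[i] );
+            strncpy(main_net_cfg->server_name, argv[i],
+                    sizeof(main_net_cfg->server_name) - 1);
+            main_net_cfg->server_name[sizeof(main_net_cfg->server_name) - 1]
+                = '\0';
             main_net_cfg->state = net_configuration::CLIENT;
         }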
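Review bot: An over-long server name is now cut to fit rather than rejected, so the client would go on to use a different host name from the one the user typed. Since a name that does not fit cannot be stored intact in this buffer, it seems safer to refuse it before the copy, e.g. `if (strlen(argv[i]) >= sizeof(main_net_cfg->server_name)) { /* report and exit */ }`. The level file name in dev.cpp (new line 869) is truncated silently in the same way. The declaration of `server_name` is not in the hunk; `sizeof` is only right here if it is an array member, not a pointer.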
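--- a/abuse/trunk/src/loader2.cpp
+++ b/abuse/trunk/src/loader2.cpp
@@ -96,5 +96,5 @@
   {
     delete fp;
-    sprintf(fn,"art/%s",filename);
+    snprintf(fn, sizeof(fn), "art/%s", filename);
     fp=open_file(fn,"rb");
     if (fp->open_failure())
@@ -325,5 +325,5 @@
       {
     i++;
-    sprintf(lsf,"addon/%s/%s.lsp",argv[i],argv[i]);
+    snprintf(lsf, sizeof(lsf), "addon/%s/%s.lsp", argv[i], argv[i]);
       }
     }
@@ -342,5 +342,5 @@
 
 
-  sprintf(prog,"(load \"%s\")\n",lsf);
+  snprintf(prog, sizeof(prog), "(load \"%s\")\n", lsf);
 
   cs=prog;
@@ -358,5 +358,5 @@
   {
     char nm[10];
-    sprintf(nm,"l%d",z);
+    snprintf(nm, sizeof(nm), "l%d", z);
     light_buttons[z]=cache.reg("art/dev.spe",nm,SPEC_IMAGE,0);
   }
@@ -488,5 +488,5 @@
   char *s;
 
-  sprintf(fn,"%s",name);
+  snprintf(fn, sizeof(fn), "%s", name);
   bFILE *fp=open_file(fn,"rb");
   if (fp->open_failure())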
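Review bot: The `snprintf` at new line 344 ignores its return value, and if `lsf` does not fit in `prog` the output is cut before the closing `\")`, so `prog` would hold an unterminated string in the expression that is assigned to `cs` at line 346. `lsf` is itself built from `argv[i]` at new line 327 and is inserted between the quotes unescaped, so a `"` or `\` in the argument changes the expression as well. Comparing the result with the buffer size, `if ((size_t)snprintf(prog, sizeof(prog), "(load \"%s\")\n", lsf) >= sizeof(prog))`, and rejecting names that contain `"` or `\` would cover both; the other four `snprintf` calls in this file also leave truncation unreported. The declarations of `fn`, `lsf` and `prog` are outside the hunks, so `sizeof` is assumed to see arrays.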