(coun_cmd): Multiple client commands could overrun player->client[].

author Markus Armbruster <armbru@pond.sub.org>

Sat, 13 May 2006 07:56:12 +0000 (07:56 +0000)

committer Markus Armbruster <armbru@pond.sub.org>

Sat, 13 May 2006 07:56:12 +0000 (07:56 +0000)
author Markus Armbruster <armbru@pond.sub.org>
Sat, 13 May 2006 07:56:12 +0000 (07:56 +0000)
committer Markus Armbruster <armbru@pond.sub.org>
Sat, 13 May 2006 07:56:12 +0000 (07:56 +0000)
diff --git a/src/lib/player/login.c b/src/lib/player/login.c

index 4c81d4b2c930d3ead9dde9a2e8c96a26680fdcd4..4eb207f4aa06ea8c423dbd0f982d9afe0dcd72c9 100644 (file)
--- a/src/lib/player/login.c
+++ b/src/lib/player/login.c
@@ -133,17 +133,23 @@ player_login(void *ud)
  static int
  client_cmd(void)
  {
-    int i;
+    int i, sz;
+    char *p, *end;
  
      if (!player->argp[1])
         return RET_SYN;
  
+    p = player->client;
+    end = player->client + sizeof(player->client) - 1;
      for (i = 1; player->argp[i]; ++i) {
         if (i > 1)
-           strncat(player->client, " ", sizeof(player->client) - 1);
-       strncat(player->client, player->argp[i], sizeof(player->client) - 1);
+           *p++ = ' ';
+       sz = strlen(player->argp[i]);
+       sz = MIN(sz, end - p);
+       memcpy(p, player->argp[i], sz);
+       p += sz;
      }
-    player->client[sizeof(player->client) - 1] = '\0';
+    *p = 0;
      pr_id(player, C_CMDOK, "talking to %s\n", player->client);
      return RET_OK;
  }
author	Markus Armbruster <armbru@pond.sub.org>
	Sat, 13 May 2006 07:56:12 +0000 (07:56 +0000)
committer	Markus Armbruster <armbru@pond.sub.org>
	Sat, 13 May 2006 07:56:12 +0000 (07:56 +0000)