empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

files could clobber the game when reading confirmation fails

Browse source 
fgets() fails on read error or EOF.  When it fails, it doesn't touch
the buffer.  Since files didn't check its return value, it read an
uninitialized character from the buffer.  If that happened to be 'y'
or 'Y', it happily clobbered the game.
This commit is contained in:
Markus Armbruster 2010-02-14 19:29:13 +01:00
parent f9d6149db3
commit 2b4e97730d
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/util/files.c
View file

@ -130,8 +130,7 @@ main(int argc, char *argv[])
printf("WARNING: this blasts the existing game in %s (if any)\n", printf("WARNING: this blasts the existing game in %s (if any)\n",
gamedir); gamedir);
printf("continue? "); printf("continue? ");
fgets(buf, sizeof(buf), stdin); if (!fgets(buf, sizeof(buf), stdin) || (*buf != 'y' && *buf != 'Y'))
if (*buf != 'y' && *buf != 'Y')
exit(1); exit(1);
} }
for (i = 0; i < EF_MAX; i++) { for (i = 0; i < EF_MAX; i++) {