empire/empserver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

(gamedown, show_motd): Move length check to before 'buf' is written to

Browse source 
to prevent stack overflow on 'buf' variable.
This commit is contained in:
Ron Koenderink 2005-02-23 19:00:56 +00:00
parent 9be3aa7739
commit 3af430ebc5
2 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/lib/player/empdis.c
View file

@ -165,13 +165,16 @@ gamedown(void)
close(downf);
return 1;
}
if (tgm.tel_length >= (long)sizeof(buf)) {
logerror("text length (%d) is too long for login message (downfil)", tgm.tel_length);
close(downf);
return 1;
}
if (read(downf, buf, tgm.tel_length) != tgm.tel_length) {
logerror("bad length %ld on login message", tgm.tel_length);
close(downf);
return 1;
}
if (tgm.tel_length >= (long)sizeof(buf))
tgm.tel_length = sizeof(buf) - 1;
buf[tgm.tel_length] = 0;
prnf(buf);
pr("\nThe game is down\n");

7
src/lib/player/player.c
View file

@ -363,13 +363,16 @@ show_motd(void)
close(motdf);
return RET_FAIL;
}
if (tgm.tel_length >= (long)sizeof(buf)) {
logerror("text length (%d) is too long for login message (motdfil)", tgm.tel_length);
close(motdf);
return RET_FAIL;
}
if (read(motdf, buf, tgm.tel_length) != tgm.tel_length) {
logerror("bad length %ld on login message", tgm.tel_length);
close(motdf);
return RET_FAIL;
}
if (tgm.tel_length >= (long)sizeof(buf))
tgm.tel_length = sizeof(buf) - 1;
buf[tgm.tel_length] = 0;
prnf(buf);
(void)close(motdf);