Mirroristas/rathena
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Reviewed atcommand.c and charcommand.c to make sure there's no scanf where a string argument is specified without a size limit.

Browse Source 
git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@10111 54d463be-8e91-2dee-dedb-b68131a5f0ec
This commit is contained in:
skotlex 2007-04-01 21:15:17 +00:00
parent 258746a5f9
commit 37d8d915b2
2 changed files with 15 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/map/atcommand.c
View File

@ -879,7 +879,7 @@ AtCommandType atcommand(struct map_session_data* sd, const int level, const char
int i = 0;
memset(info, 0, sizeof(AtCommandInfo));
sscanf(p, "%100s", command);
command[sizeof(command)-1] = '\0';
command[100] = '\0';
while (atcommand_info[i].type != AtCommand_Unknown) {
if (strcmpi(command+1, atcommand_info[i].command+1) == 0 && level >= atcommand_info[i].level) {
@ -1411,14 +1411,11 @@ int atcommand_jumpto(const int fd, struct map_session_data* sd, const char* comm
nullpo_retr(-1, sd);
if (!message || !*message || sscanf(message, "%99[^\n]", atcmd_player_name) < 1) {
if (!message || !*message || sscanf(message, "%23[^\n]", atcmd_player_name) < 1) {
clif_displaymessage(fd, "Please, enter a player name (usage: @jumpto/@warpto/@goto <char name>).");
return -1;
}
memset(atcmd_player_name, '\0', sizeof atcmd_player_name);
if (sscanf(message, "%23[^\n]", atcmd_player_name) < 1)
return -1;
if(strncmp(sd->status.name,atcmd_player_name,NAME_LENGTH)==0) //Yourself mate? Tsk tsk tsk.
return -1;
@ -4369,9 +4366,6 @@ int atcommand_recall(const int fd, struct map_session_data* sd, const char* comm
return -1;
}
memset(atcmd_player_name, '\0', sizeof atcmd_player_name);
if(sscanf(message, "%23[^\n]", atcmd_player_name) < 1)
return -1;
if(strncmp(sd->status.name,atcmd_player_name,NAME_LENGTH)==0)
return -1;
@ -4442,7 +4436,7 @@ int atcommand_char_block(const int fd, struct map_session_data* sd, const char*
memset(atcmd_player_name, '\0', sizeof(atcmd_player_name));
if (!message || !*message || sscanf(message, "%99[^\n]", atcmd_player_name) < 1) {
if (!message || !*message || sscanf(message, "%23[^\n]", atcmd_player_name) < 1) {
clif_displaymessage(fd, "Please, enter a player name (usage: @charblock/@block <name>).");
return -1;
}
@ -4487,7 +4481,7 @@ int atcommand_char_ban(const int fd, struct map_session_data* sd, const char* co
memset(atcmd_output, '\0', sizeof(atcmd_output));
memset(atcmd_player_name, '\0', sizeof(atcmd_player_name));
if (!message || !*message || sscanf(message, "%s %99[^\n]", atcmd_output, atcmd_player_name) < 2) {
if (!message || !*message || sscanf(message, "%199s %99[^\n]", atcmd_output, atcmd_player_name) < 2) {
clif_displaymessage(fd, "Please, enter ban time and a player name (usage: @charban/@ban/@banish/@charbanish <time> <name>).");
return -1;
}
@ -6105,7 +6099,7 @@ int atcommand_chardelitem(const int fd, struct map_session_data* sd, const char*
if (!message || !*message || (
sscanf(message, "\"%99[^\"]\" %d %99[^\n]", item_name, &number, atcmd_player_name) < 3 &&
sscanf(message, "%s %d %99[^\n]", item_name, &number, atcmd_player_name) < 3
sscanf(message, "%99s %d %99[^\n]", item_name, &number, atcmd_player_name) < 3
) || number < 1) {
clif_displaymessage(fd, "Please, enter an item name/id, a quantity and a player name (usage: @chardelitem <item_name_or_ID> <quantity> <player>).");
return -1;
@ -6292,7 +6286,7 @@ int atcommand_jailfor(const int fd, struct map_session_data* sd, const char* com
short m_index = 0;
nullpo_retr(-1, sd);
if (!message || !*message || sscanf(message, "%s %99[^\n]",atcmd_output,atcmd_player_name) < 2) {
if (!message || !*message || sscanf(message, "%199s %99[^\n]",atcmd_output,atcmd_player_name) < 2) {
clif_displaymessage(fd, msg_txt(400)); //Usage: @jailfor <time> <character name>
return -1;
}
@ -6431,7 +6425,7 @@ int atcommand_charjailtime(const int fd, struct map_session_data* sd, const char
nullpo_retr(-1, sd);
if (!message || !*message || sscanf(message, "%[^\n]", atcmd_player_name) < 1) {
if (!message || !*message || sscanf(message, "%23[^\n]", atcmd_player_name) < 1) {
clif_displaymessage(fd, "Please, enter a player name (usage: @charjailtime <character name>).");
return -1;
}
@ -6656,7 +6650,7 @@ int atcommand_chardisguise(const int fd, struct map_session_data* sd, const char
memset(atcmd_player_name, '\0', sizeof(atcmd_player_name));
memset(mob_name, '\0', sizeof(mob_name));
if (!message || !*message || sscanf(message, "%s %23[^\n]", mob_name, atcmd_player_name) < 2) {
if (!message || !*message || sscanf(message, "%23s %23[^\n]", mob_name, atcmd_player_name) < 2) {
clif_displaymessage(fd, "Please, enter a Monster/NPC name/id and a player name (usage: @chardisguise <monster_name_or_monster_ID> <char name>).");
return -1;
}
@ -7012,7 +7006,7 @@ int atcommand_addwarp(const int fd, struct map_session_data* sd, const char* com
if (!message || !*message)
return -1;
if (sscanf(message, "%99s %d %d[^\n]", atcmd_player_name, &x, &y ) < 3)
if (sscanf(message, "%23s %d %d[^\n]", atcmd_player_name, &x, &y ) < 3)
return -1;
sprintf(w1,"%s,%d,%d", mapindex_id2name(sd->mapindex), sd->bl.x, sd->bl.y);
@ -7227,7 +7221,7 @@ int atcommand_useskill(const int fd, struct map_session_data* sd, const char* co
struct block_list *bl;
int skillnum;
int skilllv;
char target[255];
char target[100];
nullpo_retr(-1, sd);
if (!message || !*message)
@ -8159,7 +8153,7 @@ int atcommand_adjcmdlvl(const int fd, struct map_session_data* sd, const char* c
char cmd[100];
nullpo_retr(-1, sd);
if (!message || !*message || sscanf(message, "%d %100s", &newlev, cmd) != 2)
if (!message || !*message || sscanf(message, "%d %99s", &newlev, cmd) != 2)
{
clif_displaymessage(fd, "Usage: @adjcmdlvl <lvl> <command>.");
return -1;

8
src/map/charcommand.c
View File

@ -224,7 +224,7 @@ CharCommandType charcommand(struct map_session_data* sd, const int level, const
int i = 0;
memset(info, 0, sizeof(CharCommandInfo));
sscanf(p, "%100s", command);
command[sizeof(command)-1] = '\0';
command[100] = '\0';
while (charcommand_info[i].type != CharCommand_Unknown) {
if (strcmpi(command+1, charcommand_info[i].command+1) == 0 && level >= charcommand_info[i].level) {
@ -891,16 +891,16 @@ charcommand_effect(const int fd, struct map_session_data* sd,
const char* command, const char* message)
{
struct map_session_data *pl_sd = NULL;
char target[255];
char target[NAME_LENGTH];
int type = 0;
nullpo_retr(-1, sd);
if (!message || !*message || sscanf(message, "%d %s", &type, target) != 2) {
if (!message || !*message || sscanf(message, "%d %23s", &type, target) != 2) {
clif_displaymessage(fd, "usage: #effect <type+> <target>.");
return -1;
}
if((pl_sd=map_nick2sd((char *) target)) == NULL)
if((pl_sd=map_nick2sd(target)) == NULL)
return -1;
clif_specialeffect(&pl_sd->bl, type, AREA);