Login
User Name:

Password:



Register
Forgot your password?
Vote for Us!
auth_update crash
Dec 23, 2017, 10:15 pm
By Remcon
check_tumble
Dec 18, 2017, 7:21 pm
By Remcon
parse description bug
Dec 15, 2017, 10:08 pm
By Remcon
Couple bugs
Dec 12, 2017, 5:42 pm
By Remcon
Bug in disarm( )
Nov 12, 2017, 6:54 pm
By GatewaySysop
LoP 1.46
Author: Remcon
Submitted by: Remcon
LOP 1.45
Author: Remcon
Submitted by: Remcon
LOP Heroes Edition
Author: Vladaar
Submitted by: Vladaar
Heroes sound extras
Author: Vladaar
Submitted by: Vladaar
6Dragons 4.3
Author: Vladaar
Submitted by: Vladaar
Users Online
CommonCrawl, Google, Yandex

Members: 0
Guests: 9
Stats
Files
Topics
Posts
Members
Newest Member
478
3,708
19,242
612
Jacki72H
Today's Birthdays
There are no member birthdays today.
Related Links
» SmaugMuds.org » Bugfix Lists » SmaugFUSS Bugfix List » [Bug] makedeity command does ...
Forum Rules | Mark all | Recent Posts

[Bug] makedeity command does some insecure things
< Newer Topic :: Older Topic >

Pages:<< prev 1 next >>
Post is unread #1 Oct 28, 2005, 7:38 pm
Go to the top of the page
Go to the bottom of the page

Samson
Black Hand
GroupAdministrators
Posts3,639
JoinedJan 1, 2002

Bug: makedeity command does some insecure things
Danger: Medium - Possible data corruption
Found by: Remcon
Fixed by: Remcon

---

deity.c, do_makedeity

Locate the function and replace with the following:

void do_makedeity( CHAR_DATA * ch, char *argument )
{
   DEITY_DATA *deity;

   if( !argument || argument[0] == '\0' )
   {
      send_to_char( "Usage: makedeity <deity name>\r\n", ch );
      return;
   }

   smash_tilde( argument );

   if( ( deity = get_deity( argument ) ) )
   {
      send_to_char( "A deity with that name already holds weight on this world.\r\n", ch );
      return;
   }

   CREATE( deity, DEITY_DATA, 1 );
   LINK( deity, first_deity, last_deity, next, prev );
   deity->name = STRALLOC( argument );
   deity->filename = str_dup( strlower( argument ) );
   write_deity_list( );
   save_deity( deity );
   ch_printf( ch, "%s deity has been created\r\n", argument );
   return;
}


The above function corrects the following:

1. Tildes were not being removed from the name of the deity. This can result in possible security problems in the right hands.
2. It was possible to make a new deity using an existing deity's name, which would result in the existing deity being overwritten with the new one.
3. The DEITY_DIR was being appended to the new filename, which will result in the file being saved to the wrong location.
       
Pages:<< prev 1 next >>