[Bug] Buffer overflow potential in some places
#1 Jul 16, 2006, 9:04 pm

Samson

Bug: Buffer overflow potential in some places
Danger: High - Buffer overflows tend to cause crashes
Found by: Nick Gammon
Fixed by: Nick Gammon

---

act_comm.c, talk_channel

Locate:
         if( xIS_SET( ch->act, PLR_WIZINVIS ) && can_see( vch, ch ) && IS_IMMORTAL( vch ) )
         {
            snprintf( lbuf, MAX_STRING_LENGTH, "(%d) ", ( !IS_NPC( ch ) ) ? ch->pcdata->wizinvis : ch->mobinvis );
         }


Change to:
         if( xIS_SET( ch->act, PLR_WIZINVIS ) && can_see( vch, ch ) && IS_IMMORTAL( vch ) )
         {
            snprintf( lbuf, MAX_INPUT_LENGTH + 4, "(%d) ", ( !IS_NPC( ch ) ) ? ch->pcdata->wizinvis : ch->mobinvis );
         }


build.c, edit_buffer

Locate:
               lineln = snprintf( buf, MAX_STRING_LENGTH, "%s%s", word2, wptr + wordln );


Change to:
               lineln = snprintf( buf, MAX_INPUT_LENGTH, "%s%s", word2, wptr + wordln );


Locate:
         mudstrlcpy( buf, argument, MAX_STRING_LENGTH );


Change to:
         mudstrlcpy( buf, argument, MAX_INPUT_LENGTH );


player.c, do_statreport

Locate:
   char buf[MAX_INPUT_LENGTH];


Change to:
   char buf[MAX_STRING_LENGTH];


The above cases of overruns are minor at best, and may never get triggered, but on the off chance they do, these corrections will prevent memory corruption or crashes from occurring.
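Added example, not part of the original post or the SmaugFUSS code: it shows why the size passed to snprintf has to match the destination buffer, as in the talk_channel and edit_buffer changes above. The constant values, the destination size of MAX_INPUT_LENGTH + 4 (inferred from the fix) and the helper names clobbered_bytes and format_checked are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes: the post names these constants but not their values. */
#define MAX_STRING_LENGTH 4096
#define MAX_INPUT_LENGTH  1024
#define CANARY 0xAA

/* Hypothetical helper. The first dst_size bytes of a larger arena stand in
 * for the real buffer, so a wrong bound is observable without undefined
 * behaviour. Formats len characters with `bound` as snprintf's size and
 * returns how many bytes past dst_size were overwritten. */
static size_t clobbered_bytes(size_t dst_size, size_t bound, size_t len)
{
    static unsigned char arena[MAX_STRING_LENGTH];
    static char src[MAX_STRING_LENGTH];
    size_t i, hit = 0;

    if (dst_size > sizeof arena || bound > sizeof arena || len >= sizeof src)
        return (size_t)-1;
    memset(arena, CANARY, sizeof arena);
    memset(src, 'x', len);
    src[len] = '\0';
    snprintf((char *)arena, bound, "%s", src);
    for (i = dst_size; i < sizeof arena; i++)
        if (arena[i] != CANARY)
            hit++;
    return hit;
}

/* Hypothetical helper: bound taken from the destination itself, and the
 * return value checked. Returns 1 if the text fit, 0 if it was truncated. */
static int format_checked(char *dst, size_t dst_size, const char *s)
{
    int n = snprintf(dst, dst_size, "%s", s);
    return n >= 0 && (size_t)n < dst_size;
}

int main(void)
{
    char small[8];
    printf("bound MAX_STRING_LENGTH:    %zu bytes clobbered\n",
           clobbered_bytes(MAX_INPUT_LENGTH + 4, MAX_STRING_LENGTH, 2000));
    printf("bound MAX_INPUT_LENGTH + 4: %zu bytes clobbered\n",
           clobbered_bytes(MAX_INPUT_LENGTH + 4, MAX_INPUT_LENGTH + 4, 2000));
    printf("fits: %d\n", format_checked(small, sizeof small, "0123456789"));
    return 0;
}
```

Passing sizeof on the destination array instead of a named constant keeps the bound correct when a declaration changes later, as the one in do_statreport does.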

       