[Bug] Buffer overflow potential in some places
Posted by Samson, Jul 16, 2006, 9:04 pm

Bug: Buffer overflow potential in some places
Danger: High - Buffer overflows tend to cause crashes
Found by: Nick Gammon
Fixed by: Nick Gammon

---

act_comm.c, talk_channel

Locate:
         if( xIS_SET( ch->act, PLR_WIZINVIS ) && can_see( vch, ch ) && IS_IMMORTAL( vch ) )
         {
            snprintf( lbuf, MAX_STRING_LENGTH, "(%d) ", ( !IS_NPC( ch ) ) ? ch->pcdata->wizinvis : ch->mobinvis );
         }


Change to:
         if( xIS_SET( ch->act, PLR_WIZINVIS ) && can_see( vch, ch ) && IS_IMMORTAL( vch ) )
         {
            snprintf( lbuf, MAX_INPUT_LENGTH + 4, "(%d) ", ( !IS_NPC( ch ) ) ? ch->pcdata->wizinvis : ch->mobinvis );
         }


build.c, edit_buffer

Locate:
               lineln = snprintf( buf, MAX_STRING_LENGTH, "%s%s", word2, wptr + wordln );


Change to:
               lineln = snprintf( buf, MAX_INPUT_LENGTH, "%s%s", word2, wptr + wordln );


Locate:
         mudstrlcpy( buf, argument, MAX_STRING_LENGTH );


Change to:
         mudstrlcpy( buf, argument, MAX_INPUT_LENGTH );


player.c, do_statreport

Locate:
   char buf[MAX_INPUT_LENGTH];


Change to:
   char buf[MAX_STRING_LENGTH];


The above cases of overruns are minor at best, and may never get triggered, but on the off chance they do then these corrections will prevent memory corruption or crashes from occurring.
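
The pattern behind these fixes, shown as an added example that is not part of the original post or of the SmaugFUSS source: the size handed to snprintf must be the destination's declared capacity, and the return value reports truncation. The constant values 4096 and 1024, the declared buffer sizes, and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values for illustration; check mud.h in your own tree. */
#define MAX_STRING_LENGTH 4096
#define MAX_INPUT_LENGTH  1024

/* Bytes snprintf() stores (including the NUL) when told the buffer holds
 * `bound` bytes and the formatted text is `needed` characters long. */
static size_t bytes_stored(size_t bound, size_t needed)
{
    return needed + 1 < bound ? needed + 1 : bound;
}

/* 1 if a call with this bound can write past a buffer of `declared` bytes. */
int overruns(size_t declared, size_t bound, size_t needed)
{
    return bytes_stored(bound, needed) > declared;
}

/* The edit_buffer pattern with the bound taken from the array itself.
 * Returns the length the full text needed, so callers can spot truncation. */
int join_line(char *dst, size_t dstsize, const char *word2, const char *rest)
{
    return snprintf(dst, dstsize, "%s%s", word2, rest);
}

/* Constructed input: a 1500-character replacement word plus a tail. */
int demo_truncated(void)
{
    char buf[MAX_INPUT_LENGTH];   /* assumed declared size */
    char word2[1501];
    int needed;

    memset(word2, 'x', sizeof(word2) - 1);
    word2[sizeof(word2) - 1] = '\0';
    needed = join_line(buf, sizeof(buf), word2, " tail");
    /* Output was cut to fit, and the return value reports that. */
    return needed >= (int)sizeof(buf) && strlen(buf) == sizeof(buf) - 1;
}

int main(void)
{
    printf("old bound overruns: %d\n", overruns(MAX_INPUT_LENGTH, MAX_STRING_LENGTH, 1505));
    printf("new bound overruns: %d\n", overruns(MAX_INPUT_LENGTH, MAX_INPUT_LENGTH, 1505));
    printf("truncated safely:   %d\n", demo_truncated());
    return 0;
}
```

Passing `sizeof(buf)` at the call site, where `buf` is a true array, keeps the bound tied to the declaration if either constant changes later.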

       