Bug: makedeity command does some insecure things
Danger: Medium - Possible data corruption
Found by: Remcon
Fixed by: Remcon
Locate the function and replace with the following:
void do_makedeity( CHAR_DATA * ch, char *argument )
if( !argument || argument == '\0' )
send_to_char( "Usage: makedeity <deity name>\r\n", ch );
smash_tilde( argument );
if( ( deity = get_deity( argument ) ) )
send_to_char( "A deity with that name already holds weight on this world.\r\n", ch );
CREATE( deity, DEITY_DATA, 1 );
LINK( deity, first_deity, last_deity, next, prev );
deity->name = STRALLOC( argument );
deity->filename = str_dup( strlower( argument ) );
save_deity( deity );
ch_printf( ch, "%s deity has been created\r\n", argument );
The above function corrects the following:
1. Tildes were not being removed from the name of the deity. This can result in possible security problems in the right hands.
2. It was possible to make a new deity using an existing deity's name, which would result in the existing deity being overwritten with the new one.
3. The DEITY_DIR was being appended to the new filename, which will result in the file being saved to the wrong location.