- use correctly bounded strings when reloading a saved game. in particular,
do not let the save game file "string length" exceed the amount of space supplied. as noted by <stanojr@iserver.sk> on bugtraq. - minor KNF. tested by simonb.
parent
a189aa3eba
commit
4a05361ffa
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: inventory.c,v 1.7 2002/07/07 09:35:08 tron Exp $ */
|
||||
/* $NetBSD: inventory.c,v 1.8 2002/10/01 14:18:57 mrg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988, 1993
|
||||
@ -41,7 +41,7 @@
|
||||
#if 0
|
||||
static char sccsid[] = "@(#)inventory.c 8.1 (Berkeley) 5/31/93";
|
||||
#else
|
||||
__RCSID("$NetBSD: inventory.c,v 1.7 2002/07/07 09:35:08 tron Exp $");
|
||||
__RCSID("$NetBSD: inventory.c,v 1.8 2002/10/01 14:18:57 mrg Exp $");
|
||||
#endif
|
||||
#endif /* not lint */
|
||||
|
||||
@ -421,14 +421,14 @@ void
|
||||
mix_colors()
|
||||
{
|
||||
short i, j, k;
|
||||
char *t;
|
||||
char t[MAX_ID_TITLE_LEN];
|
||||
|
||||
for (i = 0; i <= 32; i++) {
|
||||
j = get_rand(0, (POTIONS - 1));
|
||||
k = get_rand(0, (POTIONS - 1));
|
||||
t = id_potions[j].title;
|
||||
id_potions[j].title = id_potions[k].title;
|
||||
id_potions[k].title = t;
|
||||
memcpy(t, id_potions[j].title, MAX_ID_TITLE_LEN);
|
||||
memcpy(id_potions[j].title, id_potions[k].title, MAX_ID_TITLE_LEN);
|
||||
memcpy(id_potions[k].title, t, MAX_ID_TITLE_LEN);
|
||||
}
|
||||
}
|
||||
|
||||
|
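Review bot: In mix_colors the middle call `memcpy(id_potions[j].title, id_potions[k].title, MAX_ID_TITLE_LEN)` has identical source and destination whenever the two get_rand() draws return the same index, and memcpy on overlapping objects is undefined behaviour. Both indices are drawn from the same range, 0 to POTIONS - 1, so j == k is reachable. Adding `if (j == k) continue;` right after k is assigned leaves the shuffle result unchanged and avoids the overlap; using `memmove` for the three copies would also work.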
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: message.c,v 1.8 2000/07/10 10:19:27 itojun Exp $ */
|
||||
/* $NetBSD: message.c,v 1.9 2002/10/01 14:18:57 mrg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988, 1993
|
||||
@ -41,7 +41,7 @@
|
||||
#if 0
|
||||
static char sccsid[] = "@(#)message.c 8.1 (Berkeley) 5/31/93";
|
||||
#else
|
||||
__RCSID("$NetBSD: message.c,v 1.8 2000/07/10 10:19:27 itojun Exp $");
|
||||
__RCSID("$NetBSD: message.c,v 1.9 2002/10/01 14:18:57 mrg Exp $");
|
||||
#endif
|
||||
#endif /* not lint */
|
||||
|
||||
@ -64,7 +64,7 @@ __RCSID("$NetBSD: message.c,v 1.8 2000/07/10 10:19:27 itojun Exp $");
|
||||
char msgs[NMESSAGES][DCOLS] = {"", "", "", "", ""};
|
||||
short msg_col = 0, imsg = -1;
|
||||
boolean msg_cleared = 1, rmsg = 0;
|
||||
char hunger_str[8] = "";
|
||||
char hunger_str[HUNGER_STR_LEN] = "";
|
||||
const char *more = "-more-";
|
||||
|
||||
void
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: rogue.h,v 1.12 2001/02/05 01:04:25 christos Exp $ */
|
||||
/* $NetBSD: rogue.h,v 1.13 2002/10/01 14:18:57 mrg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988, 1993
|
||||
@ -192,9 +192,10 @@
|
||||
|
||||
#define MAX_OPT_LEN 40
|
||||
|
||||
#define MAX_ID_TITLE_LEN 64
|
||||
struct id {
|
||||
short value;
|
||||
char *title;
|
||||
char title[MAX_ID_TITLE_LEN];
|
||||
char *real;
|
||||
unsigned short id_status;
|
||||
};
|
||||
@ -658,7 +659,7 @@ int rand_percent __P((int));
|
||||
void rand_place __P((object *));
|
||||
void read_pack __P((object *, FILE *, boolean));
|
||||
void read_scroll __P((void));
|
||||
void read_string __P((char *, FILE *));
|
||||
void read_string __P((char *, FILE *, size_t));
|
||||
void recursive_deadend __P((short, const short *, short, short));
|
||||
boolean reg_move __P((void));
|
||||
void relight __P((void));
|
||||
@ -763,8 +764,9 @@ extern boolean sustain_strength;
|
||||
extern boolean trap_door;
|
||||
extern boolean wizard;
|
||||
extern char hit_message[];
|
||||
extern char hunger_str[];
|
||||
extern char login_name[];
|
||||
#define HUNGER_STR_LEN 8
|
||||
extern char hunger_str[HUNGER_STR_LEN];
|
||||
extern char login_name[MAX_OPT_LEN];
|
||||
extern const char *byebye_string;
|
||||
extern const char *curse_message;
|
||||
extern const char *error_file;
|
||||
|
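Review bot: The sized declaration `extern char login_name[MAX_OPT_LEN];` is what `sizeof login_name` in restore() now evaluates, but the file that defines login_name is not part of this page, so the bound is only right if that definition uses the same size. A definition smaller than MAX_OPT_LEN would let read_string write past the real object, and the compiler cannot diagnose that across translation units. I would confirm the definition reads `char login_name[MAX_OPT_LEN];` and add a comment above the length macros such as `/* buffer sizes including the NUL; also the largest length accepted from a save file */`. hunger_str is consistent, since message.c defines it with HUNGER_STR_LEN.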
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: save.c,v 1.7 1999/09/18 19:38:54 jsm Exp $ */
|
||||
/* $NetBSD: save.c,v 1.8 2002/10/01 14:18:58 mrg Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988, 1993
|
||||
@ -41,7 +41,7 @@
|
||||
#if 0
|
||||
static char sccsid[] = "@(#)save.c 8.1 (Berkeley) 5/31/93";
|
||||
#else
|
||||
__RCSID("$NetBSD: save.c,v 1.7 1999/09/18 19:38:54 jsm Exp $");
|
||||
__RCSID("$NetBSD: save.c,v 1.8 2002/10/01 14:18:58 mrg Exp $");
|
||||
#endif
|
||||
#endif /* not lint */
|
||||
|
||||
@ -102,8 +102,8 @@ save_into_file(sfile)
|
||||
}
|
||||
}
|
||||
}
|
||||
if ( ((fp = fopen(sfile, "w")) == NULL) ||
|
||||
((file_id = md_get_file_id(sfile)) == -1)) {
|
||||
if (((fp = fopen(sfile, "w")) == NULL) ||
|
||||
((file_id = md_get_file_id(sfile)) == -1)) {
|
||||
message("problem accessing the save file", 0);
|
||||
return;
|
||||
}
|
||||
@ -166,8 +166,8 @@ restore(fname)
|
||||
int new_file_id, saved_file_id;
|
||||
|
||||
fp = NULL;
|
||||
if ( ((new_file_id = md_get_file_id(fname)) == -1) ||
|
||||
((fp = fopen(fname, "r")) == NULL)) {
|
||||
if (((new_file_id = md_get_file_id(fname)) == -1) ||
|
||||
((fp = fopen(fname, "r")) == NULL)) {
|
||||
clean_up("cannot open file");
|
||||
}
|
||||
if (md_link_count(fname) > 1) {
|
||||
@ -177,10 +177,10 @@ restore(fname)
|
||||
r_read(fp, (char *) &detect_monster, sizeof(detect_monster));
|
||||
r_read(fp, (char *) &cur_level, sizeof(cur_level));
|
||||
r_read(fp, (char *) &max_level, sizeof(max_level));
|
||||
read_string(hunger_str, fp);
|
||||
read_string(hunger_str, fp, sizeof hunger_str);
|
||||
|
||||
(void) strcpy(tbuf, login_name);
|
||||
read_string(login_name, fp);
|
||||
(void) strlcpy(tbuf, login_name, sizeof tbuf);
|
||||
read_string(login_name, fp, sizeof login_name);
|
||||
if (strcmp(tbuf, login_name)) {
|
||||
clean_up("you're not the original player");
|
||||
}
|
||||
@ -269,9 +269,9 @@ read_pack(pack, fp, is_rogue)
|
||||
*new_obj = read_obj;
|
||||
if (is_rogue) {
|
||||
if (new_obj->in_use_flags & BEING_WORN) {
|
||||
do_wear(new_obj);
|
||||
do_wear(new_obj);
|
||||
} else if (new_obj->in_use_flags & BEING_WIELDED) {
|
||||
do_wield(new_obj);
|
||||
do_wield(new_obj);
|
||||
} else if (new_obj->in_use_flags & (ON_EITHER_HAND)) {
|
||||
do_put_on(new_obj,
|
||||
((new_obj->in_use_flags & ON_LEFT_HAND) ? 1 : 0));
|
||||
@ -326,7 +326,7 @@ rw_id(id_table, fp, n, wr)
|
||||
r_read(fp, (char *) &(id_table[i].value), sizeof(short));
|
||||
r_read(fp, (char *) &(id_table[i].id_status),
|
||||
sizeof(unsigned short));
|
||||
read_string(id_table[i].title, fp);
|
||||
read_string(id_table[i].title, fp, MAX_ID_TITLE_LEN);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -345,13 +345,16 @@ write_string(s, fp)
|
||||
}
|
||||
|
||||
void
|
||||
read_string(s, fp)
|
||||
read_string(s, fp, len)
|
||||
char *s;
|
||||
FILE *fp;
|
||||
size_t len;
|
||||
{
|
||||
short n;
|
||||
|
||||
r_read(fp, (char *) &n, sizeof(short));
|
||||
if (n > len)
|
||||
clean_up("read_string: corrupt game file");
|
||||
r_read(fp, s, n);
|
||||
xxxx(s, n);
|
||||
}
|
||||
|
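Review bot: The new length check in read_string bounds n, but nothing in the visible body guarantees that s ends up NUL-terminated: with n == len the buffer is filled completely from the file, and with n == 0 nothing is written at all, so a malformed save file can still leave hunger_str or login_name unterminated before the later `strcmp(tbuf, login_name)` in restore(). The comparison `n > len` also mixes a signed short with size_t and rejects negative lengths only through the implicit conversion. I would make both explicit with `if (n <= 0 || (size_t)n > len)` in front of the clean_up call and add `s[n - 1] = '\0';` after `xxxx(s, n);`. This assumes write_string counts the terminator in the stored length and that clean_up does not return; neither is visible in these hunks.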