freebsd-ports/games/0verkill/files/patch-server.c
Michael Landin 2dac7afb6a 1. Merge fixes for long known bugs from hackndev[1] version
3507529 64bit fix ... now works on amd64 as well ;-)
95d2af2 Replaced all those insecure sprintf's with snprintf's (partial)
33a1a8d Fix sigsegv on hero reaching topmost or leftmost border of the game area
436bbfc Push back network stack underflow bugfix
160e4d6 Prevent buffer overflow
ee911ba make the server invulnerable to long names
2. Add patch from gentoo linux[2] to use unmodified game data.
3. Support staging
4. Use options framework

[1] https://github.com/hackndev/0verkill
[2] http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/games-action/0verkill/files/0verkill-0.16-gentoo-paths.patch?revision=1.1&view=markup

PR:		ports/184252
Submitted by:	Vladimir Kondratiev <wulf@cicgroup.ru>
2013-12-23 16:32:05 +00:00

33 lines
1.2 KiB
C

--- server.c.orig 2001-12-16 18:18:45.000000000 +0300
+++ server.c 2013-11-24 22:37:06.306435317 +0400
@@ -907,6 +907,8 @@
packet[0]=P_MESSAGE;
if (!name){snprintf(packet+1,256,"%s",msg);len=strlen(msg)+1+1;}
else {snprintf(packet+1,256,"%s> %s",name,msg);len=strlen(name)+strlen(msg)+1+3;}
+ if (len > 255)
+ len = 255;
send_chunk_packet_to_player(packet,len,player);
}
@@ -921,6 +923,8 @@
packet[0]=P_MESSAGE;
if (!name){snprintf(packet+1,255,"%s",msg);len=strlen(msg)+1+1;}
else {snprintf(packet+1,255,"%s> %s",name,msg);len=strlen(name)+strlen(msg)+1+3;}
+ if (len > 255)
+ len = 255;
for (p=&players;p->next;p=p->next)
if ((!not1||(&(p->next->member))!=not1)&&(!not2||(&(p->next->member))!=not2))
send_chunk_packet_to_player(packet,len,&(p->next->member));
@@ -1228,6 +1232,12 @@
send_packet(packet,2,(struct sockaddr*)(&client),0,last_player->member.id);
break;
}
+ if (strlen(packet+5) > MAX_NAME_LEN)
+ {
+ snprintf(txt,256,"Name too long, shortening it to %i characters\n",MAX_NAME_LEN);
+ message(txt,2);
+ packet[5+MAX_NAME_LEN]='\0';
+ }
find_birthplace(&x,&y);
if (add_player(packet[4],packet+5,&client,x,y)) /* failed to add player */
{