Buffer overflows are bad for you, m'kay?

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@3029 fc73d0e0-1445-4013-8a0c-d673dee63da5
2024-11-26 13:50:53 +00:00 · 2008-08-23 19:17:19 +00:00 · 2008-08-23 19:17:19 +00:00 · 24e178bc37
commit 24e178bc37
parent 828b3e99ab
3 changed files with 18 additions and 10 deletions
--- a/engine/server/server.h
+++ b/engine/server/server.h
@ -952,7 +952,7 @@ void SV_SaveInfos(vfsfile_t *f);
 void Master_Heartbeat (void);
 void Master_Packet (void);

-void SV_FixupName(char *in, char *out);
+void SV_FixupName(char *in, char *out, unsigned int outlen);

 //
 // sv_init.c
--- a/engine/server/sv_main.c
+++ b/engine/server/sv_main.c
@ -197,7 +197,7 @@ char cvargroup_servercontrol[] = "server control variables";

 vfsfile_t	*sv_fraglogfile;

-void SV_FixupName(char *in, char *out);
+void SV_FixupName(char *in, char *out, unsigned int outlen);
 void SV_AcceptClient (netadr_t adr, int userid, char *userinfo);
 void Master_Shutdown (void);
 void PR_SetPlayerClass(client_t *cl, int classnum, qboolean fromqc);
@ -1754,7 +1754,7 @@ client_t *SVC_DirectConnect(void)
 #endif
 	}

-	SV_FixupName(name, name);
+	SV_FixupName(name, name, sizeof(name));

 	if (!*name)
 	{
@ -3642,14 +3642,20 @@ void Master_Shutdown (void)
 #define iswhite(c) (c == ' ' || c == INVIS_CHAR1 || c == INVIS_CHAR2 || c == INVIS_CHAR3)
 #define isinvalid(c) (c == '\r' || c == '\n')
 //is allowed to shorten, out must be as long as in and min of "unnamed"+1
-void SV_FixupName(char *in, char *out)
+void SV_FixupName(char *in, char *out, unsigned int outlen)
 {
 	char *s, *p;
+	unsigned int len;
+
+	if (outlen == 0)
+		return;
+
+	len = outlen;

 	s = out;
 	while(iswhite(*in) || isinvalid(*in))
 		in++;
-	while(*in)
+	while(*in && len > 0)
 	{
 		if (isinvalid(*in))
 		{
@ -3657,13 +3663,15 @@ void SV_FixupName(char *in, char *out)
 			continue;
 		}
 		*s++ = *in++;
+		len--;
 	}
 	*s = '\0';

 	if (!*out)
 	{	//reached end and it was all whitespace
 		//white space only
-		strcpy(out, "unnamed");
+		strncpy(out, "unnamed", outlen);
+		out[outlen-1] = 0;
 		p = out;
 	}

@ -3756,7 +3764,7 @@ void SV_ExtractFromUserinfo (client_t *cl)

 	if (cl->protocol != SCP_BAD || *val)
 	{
-		SV_FixupName(val, newname);
+		SV_FixupName(val, newname, sizeof(newname));
 		if (strlen(newname) > 40)
 			newname[40] = 0;
 	}
--- a/engine/server/sv_rankin.c
+++ b/engine/server/sv_rankin.c
@ -480,7 +480,7 @@ void Rank_AddUser_f (void)
 		return;
 	}

-	SV_FixupName(name, name);
+	SV_FixupName(name, name, sizeof(name));

 	if (!Rank_OpenRankings())
 	{
@ -563,7 +563,7 @@ void Rank_SetPass_f (void)
 		return;
 	}

-	SV_FixupName(name, name);
+	SV_FixupName(name, name, sizeof(name));

 	id = rankfileheader.leader;
 	while(id)
@ -592,7 +592,7 @@ int Rank_GetPass (char *name)
 		return 0;
 	}

-	SV_FixupName(name, name);
+	SV_FixupName(name, name, sizeof(name));

 	id = rankfileheader.leader;
 	while(id)