Fix strncpy nodenum length overflow

mazmazz 2018-12-17 21:31:00 -05:00
parent 503c75576b
commit c338115ebc


@ -469,7 +469,7 @@ static void DoSayCommand(SINT8 target, size_t usedargs, UINT8 flags)
const char *newmsg;
int spc = 1; // used if nodenum[1] is a space.
char *nodenum = (char*) malloc(3);
strncpy(nodenum, msg+3, 5);
strncpy(nodenum, msg+3, 3);
// check for undesirable characters in our "number"
if (((nodenum[0] < '0') || (nodenum[0] > '9')) || ((nodenum[1] < '0') || (nodenum[1] > '9')))
{
@ -977,7 +977,7 @@ static void HU_queueChatChar(INT32 c)
spc = 1; // used if nodenum[1] is a space.
nodenum = (char*) malloc(3);
strncpy(nodenum, msg+3, 5);
strncpy(nodenum, msg+3, 3);
// check for undesirable characters in our "number"
if (((nodenum[0] < '0') || (nodenum[0] > '9')) || ((nodenum[1] < '0') || (nodenum[1] > '9')))
{
@ -1679,7 +1679,7 @@ static void HU_DrawChat(void)
nodenum = (char*) malloc(3);
strncpy(nodenum, w_chat+3, 4);
strncpy(nodenum, w_chat+3, 3);
n = atoi((const char*) nodenum); // turn that into a number
// special cases:
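Review bot: With the count reduced to 3 and a 3-byte allocation, `strncpy(nodenum, w_chat+3, 3)` writes no terminator whenever three non-NUL bytes follow the prefix, so `nodenum` is not guaranteed to be a C string. In the HU_DrawChat hunk it is passed straight to `atoi`, which can read past the allocation when all three copied bytes are digits. The same call is in the DoSayCommand and HU_queueChatChar hunks, though the visible lines there only index `nodenum[0]` and `nodenum[1]`. I would allocate one more byte and terminate explicitly, `nodenum = malloc(4);` followed by `nodenum[3] = '\0';` after the copy, and check the `malloc` result before writing. All three functions start and end outside the hunks, so the later uses of `nodenum` and whether it is freed cannot be confirmed from here.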