stjr/SRB2
0
0
Fork 0
mirror of https://git.do.srb2.org/STJr/SRB2.git synced 2024-11-15 09:11:48 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix strncpy nodenum length overflow

Browse source
This commit is contained in:
mazmazz 2018-12-17 21:31:00 -05:00
parent 876ddd48f1
commit 1fcf607b41
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/hu_stuff.c
View file

@ -459,7 +459,7 @@ static void DoSayCommand(SINT8 target, size_t usedargs, UINT8 flags)
char *nodenum = (char*) malloc(3);
INT32 spc = 1; // used if nodenum[1] is a space.
strncpy(nodenum, msg+3, 5);
strncpy(nodenum, msg+3, 3);
// check for undesirable characters in our "number"
if (((nodenum[0] < '0') || (nodenum[0] > '9')) || ((nodenum[1] < '0') || (nodenum[1] > '9')))
{
@ -953,7 +953,7 @@ static void HU_queueChatChar(char c)
return;
}
strncpy(nodenum, msg+3, 5);
strncpy(nodenum, msg+3, 3);
// check for undesirable characters in our "number"
if (((nodenum[0] < '0') || (nodenum[0] > '9')) || ((nodenum[1] < '0') || (nodenum[1] > '9')))
{
@ -1692,7 +1692,7 @@ static void HU_DrawChat(void)
nodenum = (char*) malloc(3);
strncpy(nodenum, w_chat+3, 4);
strncpy(nodenum, w_chat+3, 3);
n = atoi((const char*) nodenum); // turn that into a number
// special cases: