promote, demote: bounds checking, remove intermediate buffer

- Check playernum is in range [0, MAXPLAYERS-1] - Do not copy string to intermediate buffer
2025-10-30 08:01:28 +00:00 · 2024-02-09 06:50:12 -08:00 · 2024-02-09 06:50:12 -08:00 · 10800f307c
commit 10800f307c
parent da84a94362
1 changed files with 10 additions and 24 deletions
--- a/src/d_netcmd.c
+++ b/src/d_netcmd.c
@ -3861,10 +3861,6 @@ void RemoveAdminPlayer(INT32 playernum)
 static void Command_Verify_f(void)
 {
 	char buf[8]; // Should be plenty
 	char *temp;
 	INT32 playernum;
 	if (client)
 	{
 		CONS_Printf(M_GetText("Only the server can use this.\n"));
@ -3883,16 +3879,13 @@ static void Command_Verify_f(void)
 		return;
 	}
-	strlcpy(buf, COM_Argv(1), sizeof (buf));
+	INT32 playernum = atoi(COM_Argv(1));
-	playernum = atoi(buf);
+	if (playernum >= 0 && playernum < MAXPLAYERS && playeringame[playernum])
-
+	{
-	temp = buf;
+		UINT8 buf[1] = {playernum};
 	WRITEUINT8(temp, playernum);
 	if (playeringame[playernum])
 		SendNetXCmd(XD_VERIFIED, buf, 1);
 	}
 }
 static void Got_Verification(UINT8 **cp, INT32 playernum)
@ -3917,10 +3910,6 @@ static void Got_Verification(UINT8 **cp, INT32 playernum)
 static void Command_RemoveAdmin_f(void)
 {
 	char buf[8]; // Should be plenty
 	char *temp;
 	INT32 playernum;
 	if (client)
 	{
 		CONS_Printf(M_GetText("Only the server can use this.\n"));
@ -3933,16 +3922,13 @@ static void Command_RemoveAdmin_f(void)
 		return;
 	}
-	strlcpy(buf, COM_Argv(1), sizeof(buf));
+	INT32 playernum = atoi(COM_Argv(1));
-	playernum = atoi(buf);
+	if (playernum >= 0 && playernum < MAXPLAYERS && playeringame[playernum])
-
+	{
-	temp = buf;
+		UINT8 buf[1] = {playernum};
 	WRITEUINT8(temp, playernum);
 	if (playeringame[playernum])
 		SendNetXCmd(XD_DEMOTED, buf, 1);
 	}
 }
 static void Got_Removal(UINT8 **cp, INT32 playernum)