thirdpartymirrors/RingRacers
1
0
Fork 0
mirror of https://github.com/KartKrewDev/RingRacers.git synced 2025-10-30 08:01:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

readfollower: Fix plenty of memory unsafety

Browse source 
- Fix uninitialised memory usage caused by goofy delayed strcpy
- Use strlcpy instead of strcpy for unknown length sources, just for additional memory safety
- Remove opportunity for printing a number of more than one digit into a buffer only two chars long
This commit is contained in:
toaster 2023-01-05 19:30:13 +00:00
parent 4520d56fa3
commit afafdea14b
1 changed files with 18 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
src/deh_soc.c
View file

@ -3213,12 +3213,12 @@ void readfollower(MYFILE *f)
if (fastcmp(word, "NAME")) if (fastcmp(word, "NAME"))
{ {
strcpy(followers[numfollowers].name, word2); strlcpy(followers[numfollowers].name, word2, SKINNAMESIZE+1);
nameset = true; nameset = true;
} }
else if (fastcmp(word, "ICON")) else if (fastcmp(word, "ICON"))
{ {
strcpy(followers[numfollowers].icon, word2); strlcpy(followers[numfollowers].icon, word2, 8+1);
nameset = true; nameset = true;
} }
else if (fastcmp(word, "CATEGORY")) else if (fastcmp(word, "CATEGORY"))
@ -3362,30 +3362,26 @@ void readfollower(MYFILE *f)
if (!nameset) if (!nameset)
{ {
// well this is problematic. // well this is problematic.
strcpy(followers[numfollowers].name, va("Follower%d", numfollowers)); // this is lazy, so what strlcpy(followers[numfollowers].name, va("Follower%d", numfollowers), SKINNAMESIZE+1);
strcpy(testname, followers[numfollowers].name);
} }
else
// set skin name (this is just the follower's name in lowercases):
// but before we do, let's... actually check if another follower isn't doing the same shit...
res = K_FollowerAvailable(testname);
if (res > -1) // yikes, someone else has stolen our name already
{ {
INT32 startlen = strlen(testname); strcpy(testname, followers[numfollowers].name);
char cpy[2];
//deh_warning("There was already a follower with the same name. (%s)", testname); This warning probably isn't necessary anymore?
sprintf(cpy, "%d", numfollowers);
memcpy(&testname[startlen], cpy, 2);
// in that case, we'll be very lazy and copy numfollowers to the end of our skin name.
}
strcpy(testname, followers[numfollowers].name); // now that the skin name is ready, post process the actual name to turn the underscores into spaces!
for (i = 0; followers[numfollowers].name[i]; i++)
{
if (followers[numfollowers].name[i] == '_')
followers[numfollowers].name[i] = ' ';
}
// now that the skin name is ready, post process the actual name to turn the underscores into spaces! res = K_FollowerAvailable(followers[numfollowers].name);
for (i = 0; followers[numfollowers].name[i]; i++) if (res > -1) // yikes, someone else has stolen our name already
{ {
if (followers[numfollowers].name[i] == '_') deh_warning("Follower%d: Name \"%s\" already in use!", numfollowers, testname);
followers[numfollowers].name[i] = ' '; strlcpy(followers[numfollowers].name, va("Follower%d", numfollowers), SKINNAMESIZE+1);
}
} }
// fallbacks for variables // fallbacks for variables