From fc7a2f55570612c94a0717d1b301b9de07834428 Mon Sep 17 00:00:00 2001 From: Chase Bradley Date: Thu, 16 Oct 2025 18:24:11 -0400 Subject: [PATCH] Fix buffer overruns in update checker's network-facing code. (#888) * fix buffer overrun when formatting remote version string * fix buffer overrun when null-terminating the latest version string * Update update_checker.c --------- Co-authored-by: PeachyPeach <72323920+PeachyPeachSM64@users.noreply.github.com> --- src/pc/update_checker.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/pc/update_checker.c b/src/pc/update_checker.c index 1613c80f1..7709724c0 100644 --- a/src/pc/update_checker.c +++ b/src/pc/update_checker.c @@ -46,11 +46,13 @@ size_t write_callback(char *ptr, size_t size, size_t nmemb, void *userdata) { void parse_version(const char *data) { const char *version = strstr(data, VERSION_IDENTIFIER); if (version == NULL) { return; } - u8 len = strlen(VERSION_IDENTIFIER); + size_t len = strlen(VERSION_IDENTIFIER); version += len; const char *end = strchr(version, '"'); - memcpy(sRemoteVersion, version, end - version); - sRemoteVersion[end - version] = '\0'; + size_t versionLength = (size_t)(end - version); + if (versionLength > sizeof(sRemoteVersion) - 1) { return; } + memcpy(sRemoteVersion, version, versionLength); + sRemoteVersion[versionLength] = '\0'; } // function to download a text file from the internet @@ -80,9 +82,9 @@ void get_version_remote(void) { DWORD dwSize = sizeof(contentLength); HttpQueryInfo(hUrl, HTTP_QUERY_CONTENT_LENGTH | HTTP_QUERY_FLAG_NUMBER, &contentLength, &dwSize, NULL); - // read data from the URL + // read data from the URL, making room in the buffer for the null-terminator DWORD bytesRead; - if (!InternetReadFile(hUrl, buffer, sizeof(buffer), &bytesRead)) { + if (!InternetReadFile(hUrl, buffer, sizeof(buffer) - 1, &bytesRead)) { printf("Failed to check for updates!\n"); InternetCloseHandle(hInternet); InternetCloseHandle(hUrl);