nethack-gwaa-kiwi/nethack
1
0
Fork 0
Code Pull Requests Activity

Prevent possible buffer overflow

Browse Source 
getlin() gets at most a BUFSZ string from user; make the buf big
enough to hold that _and_ the query itself.
This commit is contained in:
Pasi Kallinen
2015-04-26 15:56:28 +03:00
parent 6386331148
commit 467ee34b2f
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/dungeon.c
View File

@@ -1868,9 +1868,10 @@ donamelevel()
if (!(mptr = find_mapseen(&u.uz))) return 0;
if (mptr->custom) {
char qbuf[BUFSZ];
Sprintf(qbuf, "Replace annotation \"%s\" with?", mptr->custom);
getlin(qbuf, nbuf);
const char querystr[] = "Replace annotation \"%s\" with?";
char tmpbuf[BUFSZ + sizeof(querystr)];
Sprintf(tmpbuf, querystr, mptr->custom);
getlin(tmpbuf, nbuf);
} else
getlin("What do you want to call this dungeon level?", nbuf);
if (index(nbuf, '\033')) return 0;