From 467ee34b2fe1ca5ac159d4b1178633dc83453efc Mon Sep 17 00:00:00 2001
From: Pasi Kallinen
Date: Sun, 26 Apr 2015 15:56:28 +0300
Subject: [PATCH] Prevent possible buffer overflow

getlin() gets at most a BUFSZ string from user; make the buf big enough to hold that _and_ the query itself.
---
 src/dungeon.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/dungeon.c b/src/dungeon.c
index 8c436e1c8..43f4afab1 100644
--- a/src/dungeon.c
+++ b/src/dungeon.c
@@ -1868,9 +1868,10 @@ donamelevel()
 if (!(mptr = find_mapseen(&u.uz))) return 0; if (mptr->custom) {
- char qbuf[BUFSZ];
- Sprintf(qbuf, "Replace annotation \"%s\" with?", mptr->custom);
- getlin(qbuf, nbuf);
+ const char querystr[] = "Replace annotation \"%s\" with?";
+ char tmpbuf[BUFSZ + sizeof(querystr)];
+ Sprintf(tmpbuf, querystr, mptr->custom);
+ getlin(tmpbuf, nbuf);
 } else getlin("What do you want to call this dungeon level?", nbuf); if (index(nbuf, '\033')) return 0;
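Review bot: The enlarged `tmpbuf` makes the `Sprintf` safe only under the unstated assumption that `mptr->custom` never exceeds BUFSZ - 1 characters, and it now hands `getlin()` a prompt that can itself be longer than BUFSZ; whether every `getlin()` implementation copes with a prompt that long is not visible in this hunk. Bounding the echoed annotation in the format keeps both the local buffer and the prompt within a known size, e.g. `Sprintf(qbuf, "Replace annotation \"%.40s\" with?", mptr->custom);` with the original `char qbuf[BUFSZ];` (the 40 is an illustrative cap, not a project value). If the larger buffer is kept instead, a comment such as `/* custom was read via getlin(), so strlen(custom) < BUFSZ */` would record the invariant the size calculation depends on. `donamelevel()` starts and ends outside the hunk, so how `nbuf` is declared and how `custom` is stored could not be checked here.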