Khaganat-NeL/khanat-opennel-code
2
0
Fork 0
Code Issues 21 Pull requests Projects Releases 1 Packages Wiki Activity

Fixed: Strings buffer overflow in config files

Browse source
This commit is contained in:
kervala 2011-06-04 14:01:32 +02:00
parent 7d0a22db81
commit 385955fffb
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
code/nel/src/misc/config_file/cf_lexical.lpp
View file

@ -27,7 +27,10 @@ using namespace NLMISC;
#define YY_NEVER_INTERACTIVE 1 #define YY_NEVER_INTERACTIVE 1
#ifdef WIN32 #ifdef WIN32
#define YY_NO_UNISTD_H 1
#include <io.h>
#define read _read #define read _read
#define isatty _isatty
#endif #endif
/* Types */ /* Types */
@ -122,6 +125,12 @@ string \"[^\"\n]*\"
if (!cf_Ignore) if (!cf_Ignore)
{ {
cflval.Val.Type = T_STRING; cflval.Val.Type = T_STRING;
if (strlen(yytext+1) >= sizeof(cflval.Val.String))
{
strcpy (cflval.Val.String, "");
DEBUG_PRINTF("lex: string '%s' exceeds max length\n", yytext);
return STRING;
}
strcpy (cflval.Val.String, yytext+1); strcpy (cflval.Val.String, yytext+1);
cflval.Val.String[strlen(cflval.Val.String)-1] = '\0'; cflval.Val.String[strlen(cflval.Val.String)-1] = '\0';
DEBUG_PRINTF("lex: string '%s' '%s'\n", yytext, cflval.Val.String); DEBUG_PRINTF("lex: string '%s' '%s'\n", yytext, cflval.Val.String);
@ -133,6 +142,12 @@ string \"[^\"\n]*\"
if (!cf_Ignore) if (!cf_Ignore)
{ {
cflval.Val.Type = T_STRING; cflval.Val.Type = T_STRING;
if (strlen(yytext+1) >= sizeof(cflval.Val.String))
{
strcpy (cflval.Val.String, "");
DEBUG_PRINTF("lex: string '%s' exceeds max length\n", yytext);
return VARIABLE;
}
strcpy (cflval.Val.String, yytext); strcpy (cflval.Val.String, yytext);
DEBUG_PRINTF("lex: variable '%s' '%s'\n", yytext, cflval.Val.String); DEBUG_PRINTF("lex: variable '%s' '%s'\n", yytext, cflval.Val.String);
return VARIABLE; return VARIABLE;