Mercurial > hg > early-roguelike
comparison arogue5/mdport.c @ 310:827441d05b3e
Advanced Rogue family: fix some potential buffer overflows.
Some code for determining the score file location assumed that PATH_MAX
would be less than 1024, which cannot be guaranteed.
Advanced Rogue 5 and 7, and XRogue, have had the buffers for the file
name enlarged. UltraRogue never called the functions, so the code has
been deleted instead.
author | John "Elwin" Edwards |
---|---|
date | Mon, 03 May 2021 19:05:37 -0400 |
parents | e52a8a7ad4c5 |
children |
comparison
equal
deleted
inserted
replaced
309:11aeff9acc07 | 310:827441d05b3e |
---|---|
416 } | 416 } |
417 | 417 |
418 char * | 418 char * |
419 md_getroguedir(void) | 419 md_getroguedir(void) |
420 { | 420 { |
421 static char path[1024]; | 421 static char path[PATH_MAX-20]; |
422 char *end,*home; | 422 char *end,*home; |
423 | 423 |
424 if ( (home = getenv("ROGUEHOME")) != NULL) | 424 if ( (home = getenv("ROGUEHOME")) != NULL) |
425 { | 425 { |
426 if (*home) | 426 if (*home) |
427 { | 427 { |
428 strncpy(path, home, PATH_MAX - 20); | 428 strncpy(path, home, PATH_MAX - 20); |
429 | 429 |
430 end = &path[strlen(path)-1]; | 430 if (path[PATH_MAX-21] == '\0') |
431 | 431 { |
432 while( (end >= path) && ((*end == '/') || (*end == '\\'))) | 432 |
433 *end-- = '\0'; | 433 end = &path[strlen(path)-1]; |
434 | 434 |
435 if (directory_exists(path)) | 435 while( (end >= path) && ((*end == '/') || (*end == '\\'))) |
436 return(path); | 436 *end-- = '\0'; |
437 | |
438 if (directory_exists(path)) | |
439 return(path); | |
440 } | |
437 } | 441 } |
438 } | 442 } |
439 | 443 |
440 if (directory_exists("/var/games/roguelike")) | 444 if (directory_exists("/var/games/roguelike")) |
441 return("/var/games/roguelike"); | 445 return("/var/games/roguelike"); |