view srogue/main.c @ 176:db1c9a21a7c3
srogue: prevent overflowing the score file name.
If SCOREFILE is not defined, roguehome() is called to find a directory
for the score file. It copies up to PATH_MAX-20 bytes from an
environment variable to a static buffer. Later these are strcpy()'d to
scorefile, which is of size LINLEN. Unfortunately LINLEN is 80 and
PATH_MAX is at least 256. On Linux, it happens to be 4096.
I haven't yet managed to crash or exploit it, but there are surely no
beneficial consequences, so roguehome() has been modified to check the
length, and the string it returns is also checked in main().
author | John "Elwin" Edwards |
---|---|
date | Sun, 02 Aug 2015 12:14:47 -0400 |
parents | 1863409c44cf |
children | 7c552cbc6ad9 |
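/*
 * Rogue
 * Exploring the dungeons of doom
 *
 * @(#)main.c 9.0 (rdk) 7/17/84
 *
 * Super-Rogue
 * Copyright (C) 1984 Robert D. Kindelberger
 * All rights reserved.
 *
 * Based on "Rogue: Exploring the Dungeons of Doom"
 * Copyright (C) 1980, 1981 Michael Toy, Ken Arnold and Glenn Wichman
 * All rights reserved.
 *
 * See the file LICENSE.TXT for full copyright and licensing information.
 */

#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <fcntl.h>
#include <stdio.h>
#include <limits.h>
#include <sys/stat.h>
#include "rogue.h"

#ifdef ATT
#include <time.h>
#endif

#ifdef BSD
#include <sys/time.h>
#endif

#include "rogue.ext"

void open_records(void);

extern int scorefd;
extern FILE *logfile;

/*
 * main:
 *    Program entry point.  Builds the score file name, opens the score
 *    and log files, handles the -s, -a, -w and -n options, tries to
 *    restore a saved game and otherwise sets up a new game and hands
 *    control to playit().
 *
 *    Several fixed-size global buffers (scorefile, home, whoami,
 *    file_name) are filled here from the environment and the command
 *    line, so every copy into them has to be length-checked.
 */
main(argc, argv, envp)
char **argv;
char **envp;
{
    register char *env;
    register struct linked_list *item;
    register struct object *obj;
    char alldone, wpt;
    char *getpass(), *xcrypt(), *strrchr();
    int lowtime;
    time_t now;
    char *roguehome();
    char *homedir = roguehome();

#ifdef __DJGPP__
    _fmode = O_BINARY;
#endif

    if (homedir == NULL)
        homedir = "";

    playuid = md_getuid();
    playgid = md_getgid();

    /* check for print-score option */
#ifdef SCOREFILE
    strncpy(scorefile, SCOREFILE, LINLEN);
    scorefile[LINLEN - 1] = '\0';
#else
    /*
     * "/srogue.scr" plus the terminator needs 12 bytes, so at most
     * LINLEN-12 characters of homedir fit.  strncpy() zero-pads a short
     * source, so a non-NUL byte at LINLEN-12 means homedir was too long;
     * in that case the directory is dropped rather than truncated.
     */
    strncpy(scorefile, homedir, LINLEN-11);
    if (scorefile[LINLEN-12] != '\0')
        scorefile[0] = '\0';
    if (*scorefile)
        strcat(scorefile,"/");
    strcat(scorefile, "srogue.scr");
#endif
    /* Runs before md_normaluser() below; see the note on open_records(). */
    open_records();

    if(argc >= 2 && strcmp(argv[1], "-s") == 0)
    {
        showtop(0);
        exit(0);
    }

#ifdef WIZARD
    if (argc >= 2 && author() && strcmp(argv[1],"-a") == 0)
    {
        wizard = TRUE;
        argv++;
        argc--;
    }

    /* Check to see if he is a wizard */
    if (argc >= 2 && strcmp(argv[1],"-w") == 0)
    {
        /* Typed password is hashed with the fixed salt "mT" and compared
         * with the compiled-in PASSWD. */
        if (strcmp(PASSWD, xcrypt(getpass(wizstr),"mT")) == 0)
        {
            wizard = TRUE;
            argv++;
            argc--;
        }
    }
#endif
    time(&now);
    lowtime = (int) now;

#ifdef SAVEDIR
    if (argc >= 3 && !strcmp(argv[1], "-n")) {
        strncpy(whoami, argv[2], LINLEN);
        whoami[LINLEN - 1] = '\0';
        use_savedir = TRUE;
        /*
         * NOTE(review): whoami comes straight from argv[2] and is not
         * checked for '/' before it becomes part of a file name under
         * SAVEDIR -- confirm that callers restrict the name.
         */
        if (snprintf(file_name, 256, "%s/%d-%s.srsav", SAVEDIR,
                     playuid, whoami) >= 256) {
            /* Just in case it doesn't fit */
            strcpy(file_name, "srogue.save");
            use_savedir = FALSE;
        }
    }
#endif

    if (!use_savedir)
        md_normaluser();

    /* get home and options from environment */

    /*
     * HOME is supplied by the user, so it must not be strcpy()'d blindly.
     * The fallback branch treats home as a LINLEN-byte buffer; one more
     * byte is reserved here because a trailing '/' may be appended below.
     * An over-long value is ignored, as the truncation checks elsewhere
     * in this file do.
     */
    if ((env = getenv("HOME")) != NULL) {
        if (strlen(env) < LINLEN - 1)
            strcpy(home, env);
        else
            home[0] = '\0';
    }
    else {
        strncpy(home, md_gethomedir(), LINLEN);
        /* Test LINLEN-2, not LINLEN-1, so the '/' appended below fits. */
        if (home[LINLEN-2] != '\0')
            home[0] = '\0';
    }

    if (strcmp(home,"/") == 0)
        home[0] = '\0';

    if ((strlen(home) > 0) && (home[strlen(home)-1] != '/'))
        strcat(home, "/");

    if (!use_savedir) {
        /* home is now shorter than LINLEN; file_name is used as a
         * 256-byte buffer by the snprintf() call above. */
        strcpy(file_name, home);
        strcat(file_name, "srogue.sav");
    }

    if ((env = getenv("ROGUEOPTS")) != NULL)
        parse_opts(env);

    if (!use_savedir && (env == NULL || whoami[0] == '\0'))
    {
        /* NOTE(review): the length passed is that of the source string,
         * not of whoami -- confirm strucpy() bounds the copy itself. */
        strucpy(whoami, md_getusername(), strlen(md_getusername()));
    }

    if (env == NULL || fruit[0] == '\0')
        strcpy(fruit, "juicy-fruit");

    if (use_savedir) {
        /* restore() won't return if the restore succeeded. If
         * file_name doesn't exist, it will return TRUE. In that
         * case, start a new game. */
        if (!restore(file_name, envp))
            exit(1);
    }
    else if (argc == 2)
        if(!restore(argv[1], envp)) /* NOTE: NEVER RETURNS */
            exit(1);

    /* START NEW GAME */
    dnum = (wizard && getenv("SEED") != NULL ?
            atoi(getenv("SEED")) : lowtime + getpid());

    if(wizard)
        printf("Hello %s, welcome to dungeon #%d\n", whoami, dnum);
    else
        printf("Hello %s, One moment while I open the door to the dungeon...\n", whoami);

    fflush(stdout);
    seed = dnum;
    md_srandom(seed);       /* init rnd number gen */

    md_onsignal_exit();     /* just in case */

    init_everything();

#ifdef __INTERIX
    setenv("TERM","interix");
#endif

    initscr();              /* Start up cursor package */

    if (strcmp(termname(),"dumb") == 0)
    {
        endwin();
        printf("ERROR in terminal parameters.\n");
        printf("Check TERM in environment.\n");
        byebye(1);
    }

    if (LINES < 24 || COLS < 80) {
        endwin();
        printf("ERROR: screen size too small\n");
        byebye(1);
    }

    if ((whoami == NULL) || (*whoami == '\0') || (strcmp(whoami,"dosuser")==0))
    {
        echo();
        mvaddstr(23,2,"Rogue's Name? ");
        /* NOTE(review): the limit is MAXSTR while other writes to whoami
         * use LINLEN -- confirm MAXSTR + 1 does not exceed whoami's size. */
        wgetnstr(stdscr,whoami,MAXSTR);
        noecho();
    }

    if ((whoami == NULL) || (*whoami == '\0'))
        strcpy(whoami,"Rodney");

    setup();

    /* Set up windows */

    cw = newwin(0, 0, 0, 0);
    mw = newwin(0, 0, 0, 0);
    hw = newwin(0, 0, 0, 0);
    keypad(cw, 1);
    waswizard = wizard;

    /* Draw current level */

    new_level(NORMLEV);

    /* Start up daemons and fuses */

    start_daemon(status, TRUE, BEFORE);
    start_daemon(runners, TRUE, AFTER);
    /*
     * These daemons have been moved to AFTER because BEFORE daemons
     * get called every command, even invalid ones. Hopefully this
     * won't break anything.
     */
    start_daemon(doctor, TRUE, AFTER);
    start_daemon(stomach, TRUE, AFTER);
    fuse(swander, TRUE, WANDERTIME);

    /* Give the rogue his weaponry */

    do {
        wpt = pick_one(w_magic);
        switch (wpt)
        {
            case MACE:      case SWORD:     case TWOSWORD:
            case SPEAR:     case TRIDENT:   case SPETUM:
            case BARDICHE:  case PIKE:      case BASWORD:
            case HALBERD:
                alldone = TRUE;
            /* "otherwise" is not a C keyword; presumably a macro from
             * rogue.h that ends the case above and opens the default
             * case -- confirm. */
            otherwise:
                alldone = FALSE;
        }
    } while(!alldone);

    item = new_thing(FALSE, WEAPON, wpt);
    obj = OBJPTR(item);
    obj->o_hplus = rnd(3);
    obj->o_dplus = rnd(3);
    obj->o_flags = ISKNOW;
    add_pack(item, TRUE);
    cur_weapon = obj;

    /* Now a bow */

    item = new_thing(FALSE, WEAPON, BOW);
    obj = OBJPTR(item);
    obj->o_hplus = rnd(3);
    obj->o_dplus = rnd(3);
    obj->o_flags = ISKNOW;
    add_pack(item, TRUE);

    /* Now some arrows */

    item = new_thing(FALSE, WEAPON, ARROW);
    obj = OBJPTR(item);
    obj->o_count = 25 + rnd(15);
    obj->o_hplus = rnd(2);
    obj->o_dplus = rnd(2);
    obj->o_flags = ISKNOW;
    add_pack(item, TRUE);

    /* And his suit of armor */

    wpt = pick_one(a_magic);
    item = new_thing(FALSE, ARMOR, wpt);
    obj = OBJPTR(item);
    obj->o_flags = ISKNOW;
    obj->o_ac = armors[wpt].a_class - rnd(4);
    cur_armor = obj;
    add_pack(item, TRUE);

    /* Give him some food */

    item = new_thing(FALSE, FOOD, 0);
    add_pack(item, TRUE);

    playit();
}

/*
 * endit:
 *    Exit the program abnormally.
 *    The argument is unused; the function only calls fatal().
 */
void
endit(int a)
{
    fatal("Ok, if you want to exit that badly, I'll have to allow it");
}

/*
 * fatal:
 *    Exit the program, printing a message.
 *    Clears the screen and leaves curses mode, writes s to stderr
 *    through a fixed "%s" format, then exits via byebye(2).
 */
fatal(s)
char *s;
{
    clear();
    refresh();
    endwin();
    fprintf(stderr,"%s\n\r",s);
    fflush(stderr);
    byebye(2);
}

/*
 * byebye:
 *    Exit here and reset the users terminal parameters
 *    to the way they were when he started
 */
void
byebye(how)
int how;
{
    if (!isendwin())
        endwin();

    exit(how);      /* exit like flag says */
}

/*
 * rnd:
 *    Pick a very random number.
 *    Returns 0 when range is 0; otherwise md_random() % range with
 *    the sign bit masked off.
 */
rnd(range)
int range;
{
    reg int wh;

    if (range == 0)
        wh = 0;
    else {
        wh = md_random() % range;
        wh &= 0x7FFFFFFF;
    }
    return wh;
}

/*
 * roll:
 *    roll a number of dice
 *    Sums `number` results of rnd(sides)+1; returns 0 when number <= 0.
 */
roll(number, sides)
int number, sides;
{
    reg int dtotal = 0;

    while(number-- > 0)
        dtotal += rnd(sides)+1;
    return dtotal;
}

/*
** setup: Setup signal catching functions
**    Also puts the terminal into nonl/cbreak/noecho mode.
*/
setup()
{
    md_onsignal_autosave();

    nonl();
    cbreak();
    noecho();
}

/*
** playit: The main loop of the program. Loop until the game is over,
** refreshing things and looking at the proper times.
*/
playit()
{
    reg char *opts;

    /* parse environment declaration of options */

    if ((opts = getenv("ROGUEOPTS")) != NULL)
        parse_opts(opts);

    player.t_oldpos = hero;
    oldrp = roomin(&hero);
    nochange = FALSE;
    while (playing)
        command();      /* Command execution */
    endit(0);
}

/*
** author: See if a user is an author of the program
**    True for the hard-coded uids 100 and 0, compared against playuid.
*/
author()
{
    switch (playuid) {
        case 100:
        case 0:
            return TRUE;
        default:
            return FALSE;
    }
}

/*
 * directory_exists:
 *    Return non-zero when dirname can be stat()'d and is a directory,
 *    0 otherwise.
 */
int
directory_exists(char *dirname)
{
    struct stat sb;

    if (stat(dirname, &sb) == 0) /* path exists */
        return (S_ISDIR (sb.st_mode));

    return(0);
}

/*
 * roguehome:
 *    Find the directory that holds the score file.
 *    ROGUEHOME is used when it is set, non-empty, short enough to fit
 *    into scorefile and names an existing directory; otherwise the
 *    first existing directory from a fixed list is returned, or NULL
 *    when none exists.  The result points at a static buffer or a
 *    string literal and must not be freed.
 */
char *
roguehome()
{
    static char path[LINLEN+16];
    char *home;
    size_t len;

    if ( (home = getenv("ROGUEHOME")) != NULL)
    {
        if (*home)
        {
            /* LINLEN - 11 is all that will fit into scorefile */
            strncpy(path, home, LINLEN - 11);
            /* strncpy() zero-pads a short source, so a NUL at this index
             * proves the value was not truncated. */
            if (path[LINLEN - 12] == '\0')
            {
                /* Strip trailing separators by index, so no pointer is
                 * ever moved to before the start of path. */
                len = strlen(path);
                while (len > 0 && (path[len-1] == '/' || path[len-1] == '\\'))
                    path[--len] = '\0';

                if (directory_exists(path))
                    return(path);
            }
            /* Otherwise home was truncated and should be ignored */
        }
    }

    if (directory_exists("/var/games/roguelike"))
        return("/var/games/roguelike");
    if (directory_exists("/var/lib/roguelike"))
        return("/var/lib/roguelike");
    if (directory_exists("/var/roguelike"))
        return("/var/roguelike");
    if (directory_exists("/usr/games/lib"))
        return("/usr/games/lib");
    if (directory_exists("/games/roguelik"))
        return("/games/roguelik");

    return(NULL);
}

/*
 * open_records:
 *    Open the score file (read/write, created with mode 0666 if absent)
 *    when scorefd is still negative and, if LOGFILE is defined, the log
 *    file for appending when logfile is still NULL.  Failures are not
 *    reported here; scorefd / logfile simply stay unset.
 *
 *    NOTE(review): main() calls this before md_normaluser(), and without
 *    a compiled-in SCOREFILE the path is derived from ROGUEHOME.  If the
 *    binary is installed with extra privileges, this open() -- which
 *    creates the file and follows symbolic links -- would act on a
 *    user-chosen directory; a compiled-in SCOREFILE avoids that.  Confirm
 *    what md_normaluser() drops.
 */
void
open_records(void)
{
    if (scorefd < 0)
        scorefd = open(scorefile, O_RDWR | O_CREAT, 0666);
#ifdef LOGFILE
    if (logfile == NULL)
        logfile = fopen(LOGFILE, "a");
#endif
}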