Advanced Rogue family: fix some potential buffer overflows.
Some code for determining the score file location assumed that PATH_MAX would be less than 1024, which cannot be guaranteed. Advanced Rogue 5 and 7, and XRogue, have had the buffers for the file name enlarged. UltraRogue never called the functions, so the code has been deleted instead.
This commit is contained in:
John "Elwin" Edwards
parent
2b6d8bcb77
commit
3dfd8fd09b
13 changed files with 51 additions and 78 deletions
|
|
@ -3301,7 +3301,7 @@ directory_exists(char *dirname)
|
|||
char *
|
||||
md_getroguedir(void)
|
||||
{
|
||||
static char path[1024];
|
||||
static char path[PATH_MAX-20];
|
||||
char *end,*home;
|
||||
|
||||
if ( (home = getenv("ROGUEHOME")) != NULL)
|
||||
|
|
@ -3310,14 +3310,17 @@ md_getroguedir(void)
|
|||
{
|
||||
strncpy(path, home, PATH_MAX - 20);
|
||||
|
||||
end = &path[strlen(path)-1];
|
||||
if (path[PATH_MAX-21] == '\0')
|
||||
{
|
||||
end = &path[strlen(path)-1];
|
||||
|
||||
|
||||
while( (end >= path) && ((*end == '/') || (*end == '\\')))
|
||||
*end-- = '\0';
|
||||
while( (end >= path) && ((*end == '/') || (*end == '\\')))
|
||||
*end-- = '\0';
|
||||
|
||||
if (directory_exists(path))
|
||||
return(path);
|
||||
if (directory_exists(path))
|
||||
return(path);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue