Mercurial > hg > early-roguelike
diff arogue7/mdport.c @ 310:827441d05b3e
Advanced Rogue family: fix some potential buffer overflows.
Some code for determining the score file location assumed that PATH_MAX
would be less than 1024, which cannot be guaranteed.
Advanced Rogue 5 and 7, and XRogue, have had the buffers for the file
name enlarged. UltraRogue never called the functions, so the code has
been deleted instead.
author | John "Elwin" Edwards |
---|---|
date | Mon, 03 May 2021 19:05:37 -0400 |
parents | e52a8a7ad4c5 |
children |
line wrap: on
line diff
--- a/arogue7/mdport.c Sun May 02 21:54:11 2021 -0400 +++ b/arogue7/mdport.c Mon May 03 19:05:37 2021 -0400 @@ -421,7 +421,7 @@ char * md_getroguedir(void) { - static char path[1024]; + static char path[PATH_MAX-20]; char *end,*home; if ( (home = getenv("ROGUEHOME")) != NULL) @@ -430,13 +430,16 @@ { strncpy(path, home, PATH_MAX - 20); - end = &path[strlen(path)-1]; + if (path[PATH_MAX-21] == '\0') + { + end = &path[strlen(path)-1]; - while( (end >= path) && ((*end == '/') || (*end == '\\'))) - *end-- = '\0'; + while( (end >= path) && ((*end == '/') || (*end == '\\'))) + *end-- = '\0'; - if (directory_exists(path)) - return(path); + if (directory_exists(path)) + return(path); + } } }