bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix and check bufer overflow in GPickArealist::do_delayed()

Browse Source
This commit is contained in:
Stas Degteff 2011-02-22 23:51:03 +00:00
parent ce9dabb83f
commit 868e4dadf5
1 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
golded3/gearea.cpp
View File

@ -113,10 +113,20 @@ void GPickArealist::do_delayed() {
Area* area = AL.AreaNoToPtr(index);
char buf[256], tmp[200];
const size_t buflen=strlen(title)+strlen(area_maybe);
const size_t tmplen=(buflen>MAXCOL?buflen:MAXCOL);
char * buf = new char[buflen+3];
buf[buflen] = '\0';
buf[buflen+1] = '\xFF';
buf[buflen+2] = '\0';
char * tmp = new char[tmplen+3];
tmp[tmplen] = '\0';
tmp[tmplen+1] = '\xFF';
tmp[tmplen+2] = '\0';
strcpy(tmp, area->echoid());
update_statuslinef("%s: %u %s, %u %s, %u %s", "", tmp, area->Msgn.Count(), (area->Msgn.Count() == 1 ? LNG->msg : LNG->msgs), area->unread, LNG->unread, area->PMrk.Count(), LNG->personal);
update_statuslinef("%s: %u %s, %u %s, %u %s", "", area->echoid(), area->Msgn.Count(),
(area->Msgn.Count() == 1 ? LNG->msg : LNG->msgs), area->unread,
LNG->unread, area->PMrk.Count(), LNG->personal);
strcpy(stpcpy(buf, title), area_maybe);
strsetsz(strcpy(tmp, buf), MAXCOL);
@ -124,6 +134,21 @@ void GPickArealist::do_delayed() {
if(CFG->switches.get(arealistpagebar))
wscrollbar(W_VERT, maximum_index+1, maximum_index, index);
if (buf[buflen] || buf[buflen+1]!='\xFF' || buf[buflen+2])
{
LOG.errpointer(__FILE__,__LINE__);
LOG.printf("! Buffer overflow: buf in GPickArealist::do_delayed(), 8 or 9 lines above");
PointerErrorExit();
}
if (tmp[tmplen] || tmp[tmplen+1]!='\xFF' || tmp[tmplen+2])
{
LOG.errpointer(__FILE__,__LINE__);
LOG.printf("! Buffer overflow: tmp in GPickArealist::do_delayed(), 15 or 16 lines above");
PointerErrorExit();
}
delete buf;
delete tmp;
}