From 3dc0939b40960f1a3e0c7ff9d68849e2dff0ccd7 Mon Sep 17 00:00:00 2001 From: Night Owl Date: Fri, 21 Jul 2017 00:00:38 +0500 Subject: [PATCH] Prevent buffer overflow. --- cl_dll/text_message.cpp | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/cl_dll/text_message.cpp b/cl_dll/text_message.cpp index 9452cebb..b959fc87 100644 --- a/cl_dll/text_message.cpp +++ b/cl_dll/text_message.cpp @@ -162,42 +162,39 @@ int CHudTextMessage::MsgFunc_TextMsg( const char *pszName, int iSize, void *pbuf int msg_dest = READ_BYTE(); - static char szBuf[6][128]; - const char *msg_text = LookupString( READ_STRING(), &msg_dest ); - msg_text = strcpy( szBuf[0], msg_text ); +#define MSG_BUF_SIZE 128 + char szBuf[6][MSG_BUF_SIZE]; + + strncpy( szBuf[0], LookupString( READ_STRING(), &msg_dest ), MSG_BUF_SIZE - 1 ); + szBuf[0][MSG_BUF_SIZE - 1] = '\0'; + + for( int i = 1; i <= 4; i++ ) + { + // keep reading strings and using C format strings for subsituting the strings into the localised text string + strncpy( szBuf[i], LookupString( READ_STRING() ), MSG_BUF_SIZE - 1 ); + szBuf[i][MSG_BUF_SIZE - 1] = '\0'; + StripEndNewlineFromString( szBuf[i] ); // these strings are meant for subsitution into the main strings, so cull the automatic end newlines + } - // keep reading strings and using C format strings for subsituting the strings into the localised text string - const char *sstr1 = LookupString( READ_STRING() ); - sstr1 = strcpy( szBuf[1], sstr1 ); - StripEndNewlineFromString( (char*)sstr1 ); // these strings are meant for subsitution into the main strings, so cull the automatic end newlines - const char *sstr2 = LookupString( READ_STRING() ); - sstr2 = strcpy( szBuf[2], sstr2 ); - StripEndNewlineFromString( (char*)sstr2 ); - const char *sstr3 = LookupString( READ_STRING() ); - sstr3 = strcpy( szBuf[3], sstr3 ); - StripEndNewlineFromString( (char*)sstr3 ); - const char *sstr4 = LookupString( READ_STRING() ); - sstr4 = strcpy( szBuf[4], sstr4 ); - StripEndNewlineFromString( (char*)sstr4 ); char *psz = szBuf[5]; switch( msg_dest ) { case HUD_PRINTCENTER: - sprintf( psz, msg_text, sstr1, sstr2, sstr3, sstr4 ); + snprintf( psz, MSG_BUF_SIZE, szBuf[0], szBuf[1], szBuf[2], szBuf[3], szBuf[4] ); CenterPrint( ConvertCRtoNL( psz ) ); break; case HUD_PRINTNOTIFY: psz[0] = 1; // mark this message to go into the notify buffer - sprintf( psz + 1, msg_text, sstr1, sstr2, sstr3, sstr4 ); + snprintf( psz + 1, MSG_BUF_SIZE - 1, szBuf[0], szBuf[1], szBuf[2], szBuf[3], szBuf[4] ); ConsolePrint( ConvertCRtoNL( psz ) ); break; case HUD_PRINTTALK: - sprintf( psz, msg_text, sstr1, sstr2, sstr3, sstr4 ); - gHUD.m_SayText.SayTextPrint( ConvertCRtoNL( psz ), 128 ); + snprintf( psz, MSG_BUF_SIZE, szBuf[0], szBuf[1], szBuf[2], szBuf[3], szBuf[4] ); + gHUD.m_SayText.SayTextPrint( ConvertCRtoNL( psz ), MSG_BUF_SIZE ); break; case HUD_PRINTCONSOLE: - sprintf( psz, msg_text, sstr1, sstr2, sstr3, sstr4 ); + snprintf( psz, MSG_BUF_SIZE, szBuf[0], szBuf[1], szBuf[2], szBuf[3], szBuf[4] ); ConsolePrint( ConvertCRtoNL( psz ) ); break; }