After thinking about the bug in do_users and do_who, I realized that there
probably were similar problems elsewhere. I spent some time looking through
the code and found several other related problems. In all of the following
cases, the variable is too short for the maximum size string that might
be copied into it, and could result in a crash or hang as the rest of the
stack is overwritten. I'm sure there are others about.

act.wizard.c
  do_advance()
    name and level should be increased from 100 to MAX_INPUT_LENGTH
  do_show()
    field and value should be increased from 40 to MAX_INPUT_LENGTH

act.offensive.c
  do_order()
    name should be increased from 100 to MAX_INPUT_LENGTH.
    buf should be increased, changing it from 256 to (at least)
    MAX_INPUT_LENGTH + 45

act.other.c
  do_steal()
    vict_name and obj_name should be increased from 240 to MAX_INPUT_LENGTH

ban.c
  do_unban()
    site should be increased from 80 to MAX_INPUT_LENGTH

modify.c
  do_skillset()
    name and buf should be increased from 100 to MAX_INPUT_LENGTH

shop.c
  shopping_sell()
    name should be increased from 200 to MAX_INPUT_LENGTH
  shopping_list()
    name should be increased from 200 to MAX_INPUT_LENGTH

utils.c
  mudlog()
    buf should be increased from 256 to some number greater than
    MAX_INPUT_LENGTH. This number has to be maximum size of a string
    sent to the log (most I've seen is MAX_INPUT_LENGTH + ~45) plus
    8 for the extra characters added on in the mudlog function.
    Assuming I did find the maximums, MAX_INPUT_LENGTH + 100 should be
    enough.

Eric Green
ejg3@cornell.edu
This archive was generated by hypermail 2b30 : 12/07/00 PST
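
The sizing problem listed in the message above, as an added example that is not part of the original post or of the CircleMUD source: a bounded "copy first word" helper that reports truncation, used to check whether a given buffer size can hold a worst-case input word. The names first_word_bounded and fits_max_input are hypothetical, and the value 256 for MAX_INPUT_LENGTH is an assumption, since the post only names the macro.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT_LENGTH 256   /* assumed value; the post only names the macro */

/*
 * Hypothetical bounded helper: copies the first whitespace-delimited word of
 * arg into dst, never writing more than dstsz bytes (terminator included).
 * Returns the full length of the word, so a result >= dstsz means the copy
 * was truncated and the caller can reject the command instead of crashing.
 */
size_t first_word_bounded(const char *arg, char *dst, size_t dstsz)
{
    size_t len = 0;

    while (isspace((unsigned char)*arg))
        arg++;
    for (; *arg && !isspace((unsigned char)*arg); arg++, len++)
        if (dstsz && len < dstsz - 1)
            dst[len] = *arg;
    if (dstsz)
        dst[len < dstsz - 1 ? len : dstsz - 1] = '\0';
    return len;
}

/* Returns 1 if a single word of maximum input size fits in bufsz bytes. */
int fits_max_input(size_t bufsz)
{
    char line[MAX_INPUT_LENGTH];   /* constructed worst-case input line */
    char dst[MAX_INPUT_LENGTH];

    memset(line, 'A', sizeof(line) - 1);
    line[sizeof(line) - 1] = '\0';
    if (bufsz > sizeof(dst))
        bufsz = sizeof(dst);
    return first_word_bounded(line, dst, bufsz) < bufsz;
}

int main(void)
{
    /* Local buffer sizes quoted in the post, plus the suggested size. */
    size_t sizes[] = { 40, 80, 100, 200, 240, MAX_INPUT_LENGTH };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("%3zu bytes: %s\n", sizes[i],
               fits_max_input(sizes[i]) ? "fits" : "too small, would overflow");
    return 0;
}
```
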