From abd51ca1e4ba6bfe4680ba226df6e884b087ae00 Mon Sep 17 00:00:00 2001 From: dholland Date: Sun, 28 Jun 2009 18:59:37 +0000 Subject: Fix possible remote DoS of a running hunt game, and prevent a possible theoretical attack involving >= 1 billion ammo. --- hunt/huntd/answer.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'hunt') diff --git a/hunt/huntd/answer.c b/hunt/huntd/answer.c index 91307b3b..b2577afc 100644 --- a/hunt/huntd/answer.c +++ b/hunt/huntd/answer.c @@ -1,4 +1,4 @@ -/* $NetBSD: answer.c,v 1.9 2008/01/28 03:23:29 dholland Exp $ */ +/* $NetBSD: answer.c,v 1.10 2009/06/28 18:59:37 dholland Exp $ */ /* * Copyright (c) 1983-2003, Regents of the University of California. * All rights reserved. @@ -32,7 +32,7 @@ #include #ifndef lint -__RCSID("$NetBSD: answer.c,v 1.9 2008/01/28 03:23:29 dholland Exp $"); +__RCSID("$NetBSD: answer.c,v 1.10 2009/06/28 18:59:37 dholland Exp $"); #endif /* not lint */ # include @@ -101,6 +101,12 @@ answer() (void) read(newsock, (char *) &mode, sizeof mode); mode = ntohl(mode); + /* + * Ensure null termination. + */ + name[sizeof(name)-1] = '\0'; + Ttyname[sizeof(Ttyname)-1] = '\0'; + /* * Turn off blocking I/O, so a slow or dead terminal won't stop * the game. All subsequent reads check how many bytes they read. @@ -317,7 +323,7 @@ stplayer(newpp, enter_status) y = STAT_PLAY_ROW + 1 + (newpp - Player); for (pp = Player; pp < End_player; pp++) { if (pp != newpp) { - char smallbuf[10]; + char smallbuf[16]; pp->p_ammo += NSHOTS; newpp->p_ammo += NSHOTS; -- cgit v1.2.3-56-ge451