* cmd_chat() -- truncate input at 100 characters to prevent buffer overruns.
Also handle broken client sockets properly. (Thanks to DME for bug report)
$Log$
+Revision 1.420 1999/11/21 18:30:16 ajc
+* Protected cmd_move() from buffer overrun (no longer crashes the server)
+* cmd_chat() -- truncate input at 100 characters to prevent buffer overruns.
+ Also handle broken client sockets properly. (Thanks to DME for bug report)
+
Revision 1.419 1999/11/19 01:57:40 ajc
* Fixed a *serious* memory leak in the database function wrappers.
* Updated version number to 5.60 -- run setup when installing this version.
Fri Jul 10 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
* Initial CVS import
+
void cmd_move(char *args)
{
long num;
- char targ[32];
+ char targ[256];
struct quickroom qtemp;
int err;
int is_copy = 0;
num = extract_long(args, 0);
extract(targ, args, 1);
+ targ[ROOMNAMELEN - 1] = 0;
is_copy = extract_int(args, 2);
getuser(&CC->usersupp, CC->curr_user);
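Review bot: The overrun in cmd_move() is moved further out rather than closed, because `extract(targ, args, 1)` takes no destination size and the copy into `targ` is still unbounded. It is safe only if a single field of `args` can never exceed 255 bytes, which nothing in this hunk shows. The added `targ[ROOMNAMELEN - 1] = 0;` runs after the copy, so it trims the room name but cannot stop a write past the end of `targ`, and it is itself in bounds only while ROOMNAMELEN is at most 256. I would size `targ` from whatever constant bounds the incoming command line instead of a literal 256, and record the assumption above the declaration, e.g. `/* extract() is unbounded: targ must hold the longest field args can carry */`. The body of cmd_move() continues outside the hunk.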
ChatQueue = ChatQueue->next;
phree(clptr);
}
- DONE_FREEING:end_critical_section(S_CHATQUEUE);
+DONE_FREEING:
+ end_critical_section(S_CHATQUEUE);
}
while (1) {
int ok_cmd;
+ int linelen;
ok_cmd = 0;
- cmdbuf[strlen(cmdbuf) + 1] = 0;
- retval = client_read_to(&cmdbuf[strlen(cmdbuf)], 1, 2);
+ linelen = strlen(cmdbuf);
+ if (linelen > 100) --linelen; /* truncate too-long lines */
+ cmdbuf[linelen + 1] = 0;
+
+ retval = client_read_to(&cmdbuf[linelen], 1, 2);
+
+ if (retval < 0) { /* socket broken? */
+ if ((CC->cs_flags & CS_STEALTH) == 0) {
+ allwrite("<disconnected>", 0,
+ CC->chat_room, NULL);
+ }
+ return;
+ }
/* if we have a complete line, do send processing */
if (strlen(cmdbuf) > 0)
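Review bot: The limit in `if (linelen > 100) --linelen;` is a bare literal that is not tied to the size of `cmdbuf`, whose declaration is outside the hunk. With this check the loop still stores the terminator at index 101, so the fix holds only if `cmdbuf` is at least 102 bytes. If `cmdbuf` is an array in this scope, `if (linelen > (int)sizeof(cmdbuf) - 2) --linelen;` keeps the bound and the buffer in step. The comment is also slightly misleading, since nothing is truncated: the last stored character is overwritten by the next byte read, which `/* line full: reuse the last slot instead of growing */` would say more accurately. The enclosing loop starts and ends outside the hunk, so whether the new early `return` on `retval < 0` skips any cleanup could not be checked from here.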
* Return values are:
* 1 Requested number of bytes has been read.
* 0 Request timed out.
- * If the socket breaks, the session is immediately terminated.
+ * -1 The socket is broken.
+ * If the socket breaks, the session will be terminated.
*/
int client_read_to(char *buf, int bytes, int timeout)
{