final qbuf patch

This is my final src mod to ensure that a qbuf does not overflow due to
a lengthy named object.  These recent patches, coupled with the core yn_function() patch earlier, should make it much rarer for a QBUFSZ
buffer overflow to occur in a window port routine (unless the window
port routine has its own bugs, but that isn't the core's fault).

diff --git a/src/lock.c b/src/lock.c
index ebd0ee0a7c3dfce621ad01982de5f49859fde4fd..4d5d333c5268fafbcfb571b627ab3aa3e5425931 100644 (file)
--- a/src/lock.c
+++ b/src/lock.c
@@ -307,7 +307,9 @@ pick_lock(pick) /* pick a lock with a given object */
                    else if (picktyp != LOCK_PICK) verb = "unlock", it = 1;
                    else verb = "pick";
                    Sprintf(qbuf, "There is %s here, %s %s?",
-                           doname(otmp), verb, it ? "it" : "its lock");
+                           safe_qbuf("", sizeof("There is  here, unlock its lock?"),
+                               doname(otmp), an(simple_typename(otmp->otyp)), "a box"),
+                           verb, it ? "it" : "its lock");
 
                    c = ynq(qbuf);
                    if(c == 'q') return(0);
@@ -469,7 +471,10 @@ doforce()          /* try to force a chest with your weapon */
                          doname(otmp), otmp->obroken ? "broken" : "unlocked");
                    continue;
                }
-               Sprintf(qbuf,"There is %s here, force its lock?", doname(otmp));
+               Sprintf(qbuf,"There is %s here, force its lock?",
+                       safe_qbuf("", sizeof("There is  here, force its lock?"),
+                               doname(otmp), an(simple_typename(otmp->otyp)),
+                               "a box"));
 
                c = ynq(qbuf);
                if(c == 'q') return(0);

diff --git a/src/mhitu.c b/src/mhitu.c
index f446da92a4b58d96d78b9279ec677e5e7501329b..4e22365d30249093ad6975320be6378268d391aa 100644 (file)
--- a/src/mhitu.c
+++ b/src/mhitu.c
@@ -2160,7 +2160,8 @@ register struct monst *mon;
            if (fem) {
                if (rn2(20) < ACURR(A_CHA)) {
                    Sprintf(qbuf, "\"That %s looks pretty.  May I have it?\"",
-                       xname(ring));
+                       safe_qbuf("",sizeof("\"That  looks pretty.  May I have it?\""),
+                       xname(ring), simple_typename(ring->otyp), "ring"));
                    makeknown(RIN_ADORNMENT);
                    if (yn(qbuf) == 'n') continue;
                } else pline("%s decides she'd like your %s, and takes it.",
@@ -2181,7 +2182,9 @@ register struct monst *mon;
                if (ring==uleft || ring==uright) continue;
                if (rn2(20) < ACURR(A_CHA)) {
                    Sprintf(qbuf,"\"That %s looks pretty.  Would you wear it for me?\"",
-                       xname(ring));
+                       safe_qbuf("",
+                           sizeof("\"That  looks pretty.  Would you wear it for me?\""),
+                           xname(ring), simple_typename(ring->otyp), "ring"));
                    makeknown(RIN_ADORNMENT);
                    if (yn(qbuf) == 'n') continue;
                } else {

diff --git a/src/trap.c b/src/trap.c
index 903d87b4f8b3fbb16d83248d997c7669f044c83e..978c06eca1209f7fc190ae4e0f002922f39befcf 100644 (file)
--- a/src/trap.c
+++ b/src/trap.c
@@ -1,4 +1,4 @@
-/*     SCCS Id: @(#)trap.c     3.4     2003/04/30      */
+/*     SCCS Id: @(#)trap.c     3.4     2003/02/10      */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */
 /* NetHack may be freely redistributed.  See license for details. */
 
@@ -1208,7 +1208,6 @@ struct trap *trap;
        /* caller may subsequently fill pit, e.g. with a boulder */
        trap->ttyp = PIT;               /* explosion creates a pit */
        trap->madeby_u = FALSE;         /* resulting pit isn't yours */
-       seetrap(trap);                  /* and it isn't concealed */
 }
 
 #endif /* OVLB */
@@ -3378,7 +3377,9 @@ boolean force;
        if(!u.dx && !u.dy) {
            for(otmp = level.objects[x][y]; otmp; otmp = otmp->nexthere)
                if(Is_box(otmp)) {
-                   Sprintf(qbuf, "There is %s here. Check it for traps?", doname(otmp));
+                   Sprintf(qbuf, "There is %s here. Check it for traps?",
+                       safe_qbuf("", sizeof("There is  here. Check it for traps?"),
+                               doname(otmp), an(simple_typename(otmp->otyp)), "a box"));
                    switch (ynq(qbuf)) {
                        case 'q': return(0);
                        case 'n': continue;