From: nethack.allison
Date: Sat, 10 May 2003 21:11:16 +0000 (+0000)
Subject: final qbuf patch
X-Git-Tag: MOVE2GIT~2005
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6f56da52610e8cfcd217d679abf0b8ce3f3ede18;p=nethack
final qbuf patch
This is my final src mod to ensure that a qbuf does not overflow due to a lengthy named object. These recent patches, coupled with the core yn_function() patch earlier, should make it much rarer for a QBUFSZ buffer overflow to occur in a window port routine (unless the window port routine has its own bugs, but that isn't the core's fault).
---
diff --git a/src/lock.c b/src/lock.c
index ebd0ee0a7..4d5d333c5 100644
--- a/src/lock.c
+++ b/src/lock.c
@@ -307,7 +307,9 @@ pick_lock(pick) /* pick a lock with a given object */
 else if (picktyp != LOCK_PICK) verb = "unlock", it = 1; else verb = "pick"; Sprintf(qbuf, "There is %s here, %s %s?",
- doname(otmp), verb, it ? "it" : "its lock");
+ safe_qbuf("", sizeof("There is here, unlock its lock?"),
+ doname(otmp), an(simple_typename(otmp->otyp)), "a box"),
+ verb, it ? "it" : "its lock");
 c = ynq(qbuf); if(c == 'q') return(0);
@@ -469,7 +471,10 @@ doforce() /* try to force a chest with your weapon */
 doname(otmp), otmp->obroken ? "broken" : "unlocked"); continue; }
- Sprintf(qbuf,"There is %s here, force its lock?", doname(otmp));
+ Sprintf(qbuf,"There is %s here, force its lock?",
+ safe_qbuf("", sizeof("There is here, force its lock?"),
+ doname(otmp), an(simple_typename(otmp->otyp)),
+ "a box"));
 c = ynq(qbuf); if(c == 'q') return(0);
diff --git a/src/mhitu.c b/src/mhitu.c
index f446da92a..4e22365d3 100644
--- a/src/mhitu.c
+++ b/src/mhitu.c
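Review bot: In src/lock.c pick_lock(), the `Sprintf` into `qbuf` is still unbounded, and the only thing keeping it inside QBUFSZ is the literal passed as the pad, `sizeof("There is here, unlock its lock?")`, which is a hand-made copy of the format string with a worst-case verb and object filled in. Nothing ties that literal to the format, so a later wording change can quietly bring the overflow back; I would add a comment above the call such as `/* pad = format text minus %s, with the longest verb/object; keep in sync with the Sprintf format */`. The same applies to the `sizeof(...)` pads in doforce() in this file, to both `safe_qbuf` calls in src/mhitu.c and to the one in src/trap.c. The pad here errs on the safe side, because the visible branch sets `it = 1` for "unlock", so "unlock its lock" is longer than what the branches shown in the hunk can print. pick_lock() starts and ends outside the hunk, and `safe_qbuf` itself is not part of this patch, so its length check is taken on trust here.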
@@ -2160,7 +2160,8 @@ register struct monst *mon;
 if (fem) { if (rn2(20) < ACURR(A_CHA)) { Sprintf(qbuf, "\"That %s looks pretty. May I have it?\"",
- xname(ring));
+ safe_qbuf("",sizeof("\"That looks pretty. May I have it?\""),
+ xname(ring), simple_typename(ring->otyp), "ring"));
 makeknown(RIN_ADORNMENT); if (yn(qbuf) == 'n') continue; } else pline("%s decides she'd like your %s, and takes it.",
@@ -2181,7 +2182,9 @@ register struct monst *mon;
 if (ring==uleft || ring==uright) continue; if (rn2(20) < ACURR(A_CHA)) { Sprintf(qbuf,"\"That %s looks pretty. Would you wear it for me?\"",
- xname(ring));
+ safe_qbuf("",
+ sizeof("\"That looks pretty. Would you wear it for me?\""),
+ xname(ring), simple_typename(ring->otyp), "ring"));
 makeknown(RIN_ADORNMENT); if (yn(qbuf) == 'n') continue; } else {
diff --git a/src/trap.c b/src/trap.c
index 903d87b4f..978c06eca 100644
--- a/src/trap.c
+++ b/src/trap.c
@@ -1,4 +1,4 @@
-/* SCCS Id: @(#)trap.c 3.4 2003/04/30 */
+/* SCCS Id: @(#)trap.c 3.4 2003/02/10 */
 /* Copyright (c) Stichting Mathematisch Centrum, Amsterdam, 1985. */ /* NetHack may be freely redistributed. See license for details. */
@@ -1208,7 +1208,6 @@ struct trap *trap;
 /* caller may subsequently fill pit, e.g. with a boulder */ trap->ttyp = PIT; /* explosion creates a pit */ trap->madeby_u = FALSE; /* resulting pit isn't yours */
- seetrap(trap); /* and it isn't concealed */
 }
 #endif /* OVLB */
@@ -3378,7 +3377,9 @@ boolean force;
 if(!u.dx && !u.dy) { for(otmp = level.objects[x][y]; otmp; otmp = otmp->nexthere) if(Is_box(otmp)) {
- Sprintf(qbuf, "There is %s here. Check it for traps?", doname(otmp));
+ Sprintf(qbuf, "There is %s here. Check it for traps?",
+ safe_qbuf("", sizeof("There is here. Check it for traps?"),
+ doname(otmp), an(simple_typename(otmp->otyp)), "a box"));
 switch (ynq(qbuf)) { case 'q': return(0); case 'n': continue;
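Review bot: The first src/trap.c hunk moves the SCCS Id date backwards, from 2003/04/30 to 2003/02/10, and the hunk after it drops `seetrap(trap);` from the code that turns the trap into a pit; neither change is mentioned in the description, and neither appears related to qbuf sizing. That pattern suggests the patch was prepared against an older copy of trap.c and may be reverting a later change, though this cannot be confirmed from the page. I would keep the `2003/04/30` header and the `seetrap(trap);` line unless their removal is intended, and if it is, say so in the commit message so a security-labelled commit does not carry an undocumented behaviour change.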