From: PatR <rankin@nethack.org>
Date: Sun, 8 May 2016 01:39:36 +0000 (-0700)
Subject: options bit
X-Git-Tag: NetHack-3.6.1_RC01~787
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb5f2e4964ee8784469107ef3b97519da189673d;p=nethack

options bit

I glanced over the options parsing looking for issues, and it
seems that paranoid_confirm:long-string-of-junk might have been
vulnerable.  So this fixes that.
---

diff --git a/src/options.c b/src/options.c
index bfcbba289..397c34a3a 100644
--- a/src/options.c
+++ b/src/options.c
@@ -2546,7 +2546,9 @@ boolean tinitial, tfrom_file;
         } else if ((op = string_for_opt(opts, TRUE)) != 0) {
             char *pp, buf[BUFSZ];
 
-            op = mungspaces(strcpy(buf, op));
+            strncpy(buf, op, sizeof buf - 1);
+            buf[sizeof buf - 1] = '\0';
+            op = mungspaces(buf);
             for (;;) {
                 /* We're looking to parse
                    "paranoid_confirm:whichone wheretwo whothree"
@@ -3106,8 +3108,7 @@ boolean tinitial, tfrom_file;
         if ((op = string_for_opt(opts, FALSE)) != 0) {
             if (iflags.wc_tile_file)
                 free(iflags.wc_tile_file);
-            iflags.wc_tile_file = (char *) alloc(strlen(op) + 1);
-            Strcpy(iflags.wc_tile_file, op);
+            iflags.wc_tile_file = dupstr(op);
         }
         return;
     }