From 8f66986300b1d6fa1e08858c08d40418d87bf522 Mon Sep 17 00:00:00 2001 From: "nethack.allison" Date: Sat, 10 May 2003 14:11:42 +0000 Subject: [PATCH] Pat Rankin wrote: > The `prompt' buffer in tty_yn_function still only holds QBUFSZ > characters. But fixing the tty incarnation wouldn't be good enough; > all the other interfaces would need to handle it too. I think it > should be fixed in the core instead. Prompt strings simply should > not be allowed to become so lengthy. Another step in the fight against prompt sting buffer overflows. The goes after the ones that may not have been found yet. This makes yn_function a real core function and removes the #define yn_function macro. The yn_function validates the prompt string buffer being passed prior to calling (*windowprocs.win_yn_function)(), and if necessary, truncating it and adding "...". This won't help if the overflow occurs in the core in a buffer that is still QBUFSZ in size, but it will help if a BUFSZ buffer is being passed to one of the query functions. --- include/extern.h | 1 + include/winprocs.h | 7 ++++++- src/cmd.c | 26 ++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/include/extern.h b/include/extern.h index 4c47a70b9..59c3830d6 100644 --- a/include/extern.h +++ b/include/extern.h @@ -178,6 +178,7 @@ E char NDECL(readchar); #ifdef WIZARD E void NDECL(sanity_check); #endif +E char FDECL(yn_function, (const char *, const char *, CHAR_P)); /* ### dbridge.c ### */ diff --git a/include/winprocs.h b/include/winprocs.h index 6063d283a..466a6793b 100644 --- a/include/winprocs.h +++ b/include/winprocs.h @@ -108,7 +108,6 @@ extern NEARDATA struct window_procs windowprocs; #define nh_poskey (*windowprocs.win_nh_poskey) #define nhbell (*windowprocs.win_nhbell) #define nh_doprev_message (*windowprocs.win_doprev_message) -#define yn_function (*windowprocs.win_yn_function) #define getlin (*windowprocs.win_getlin) #define get_ext_cmd (*windowprocs.win_get_ext_cmd) #define number_pad (*windowprocs.win_number_pad) @@ -122,6 +121,12 @@ extern NEARDATA struct window_procs windowprocs; #define get_color_string (*windowprocs.win_get_color_string) #endif +/* 3.4.2: There is a real yn_function() in the core now, which does + * some buffer length validation on the parameters prior to + * invoking the window port routine. yn_function() is in cmd.c + */ +/* #define yn_function (*windowprocs.win_yn_function) */ + /* other defs that really should go away (they're tty specific) */ #define start_screen (*windowprocs.win_start_screen) #define end_screen (*windowprocs.win_end_screen) diff --git a/src/cmd.c b/src/cmd.c index 38f6b7ba0..8897856cc 100644 --- a/src/cmd.c +++ b/src/cmd.c @@ -2452,5 +2452,31 @@ wiz_port_debug() # endif /*PORT_DEBUG*/ #endif /* OVL0 */ +#ifdef OVLB +/* + * Parameter validator for generic yes/no function to prevent + * the core from sending too long a prompt string to the + * window port causing a buffer overflow there. + */ +char +yn_function(query,resp, def) +const char *query,*resp; +char def; +{ + char qbuf[QBUFSZ]; + unsigned truncspot, reduction = sizeof(" [N] ?") + 1; + + if (resp) reduction += strlen(resp) + sizeof(" () "); + if (strlen(query) < (QBUFSZ - reduction)) + return (*windowprocs.win_yn_function)(query, resp, def); + paniclog("Query truncated: ", query); + reduction += sizeof("..."); + truncspot = QBUFSZ - reduction; + (void) strncpy(qbuf, query, truncspot); + qbuf[truncspot] = '\0'; + Strcat(qbuf,"..."); + return (*windowprocs.win_yn_function)(qbuf, resp, def); +} +#endif /*cmd.c*/ -- 2.40.0