maelstrom (1.4.3-L3.0.6-8.1) Maelstrom-netd.c

Summary

 Maelstrom-netd.c |   19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

    
download this patch

Patch contents

--- maelstrom-1.4.3-L3.0.6.orig/Maelstrom-netd.c
+++ maelstrom-1.4.3-L3.0.6/Maelstrom-netd.c
@@ -2,6 +2,7 @@
 /* Here we go... */
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <signal.h>
 #include <errno.h>
@@ -48,7 +49,7 @@
 		(void) free(players[which].packet);
 	close(players[which].sockfd);
 	players[which].state = UNCONNECTED;
-printf("Player on slot %d has been disconnected.\n", which);
+	printf("Player on slot %d has been disconnected.\n", which);
 }
 
 void SendError(int which, char *message)
@@ -63,8 +64,8 @@
 	}
 	mesgbuf[0] = mesglen;
 	mesgbuf[1] = NET_ABORT;
-	strcpy((char *)&mesgbuf[2], message);
-printf("Sending error '%s' to player in slot %d\n", message, which);
+	strncpy((char *)&mesgbuf[2], message, sizeof(mesgbuf)-2);
+	printf("Sending error '%s' to player in slot %d\n", message, which);
 	(void) write(players[which].sockfd, mesgbuf, mesglen);
 
 	DisconnectPlayer(which);
@@ -124,9 +125,9 @@
 		if ( players[i].state != ACTIVE )
 			continue;
 		if ( players[i].numplayers != numplayers ) {
-			sprintf(buffer,
-				"There are %d, not %d players in this game",
-					numplayers, players[i].numplayers);
+		  snprintf(buffer, sizeof(buffer),
+			   "There are %d, not %d players in this game",
+			   numplayers, players[i].numplayers);
 			SendError(i, (char *)buffer);
 		}
 	}
@@ -154,11 +155,11 @@
 		for ( i=0; i<numplayers; ++i ) {
 			connection *player = &players[positions[i]];
 
-			strcpy(ptr, (char *)inet_ntoa(player->raddr.sin_addr));
+			strncpy(ptr, (char *)inet_ntoa(player->raddr.sin_addr), (BUFSIZ-len));
 printf("Setting up player %d at host %s and port ", i+1, ptr);
 			len += strlen(ptr)+1;
 			ptr += strlen(ptr)+1;
-			sprintf(ptr, "%d", ntohs(player->raddr.sin_port));
+			snprintf(ptr, (BUFSIZ-len), "%d", ntohs(player->raddr.sin_port));
 printf("%s\n", ptr);
 			len += strlen(ptr)+1;
 			ptr += strlen(ptr)+1;
@@ -342,7 +343,7 @@
 			if ( i != MAX_CONNECTIONS ) {
 				char message[BUFSIZ];
 
-				sprintf(message, "Player %d is already on!",
+				snprintf(message, sizeof(message), "Player %d is already on!",
 								player+1);
 				SendError(slot, message);
 				continue;