From 79dfdb3cd71a44ec3cd8e1dab15263837381cbbf Mon Sep 17 00:00:00 2001 From: Magnus Auvinen Date: Mon, 11 Feb 2008 21:49:26 +0000 Subject: security audit: first batch of fixes. replaced sprintf, strcpy with more secure versions --- src/game/client/gc_client.cpp | 55 +++++++++++++++++----------------------- src/game/client/gc_console.cpp | 10 ++++---- src/game/client/gc_map_image.cpp | 2 +- src/game/client/gc_menu.cpp | 28 ++++++++++---------- src/game/client/gc_skin.cpp | 2 +- 5 files changed, 44 insertions(+), 53 deletions(-) (limited to 'src/game/client') diff --git a/src/game/client/gc_client.cpp b/src/game/client/gc_client.cpp index d891ec84..b8ffac09 100644 --- a/src/game/client/gc_client.cpp +++ b/src/game/client/gc_client.cpp @@ -224,8 +224,8 @@ void chat_add_line(int client_id, int team, const char *line) if(client_id == -1) // server message { - strcpy(chat_lines[chat_current_line].name, "*** "); - sprintf(chat_lines[chat_current_line].text, "%s", line); + str_copy(chat_lines[chat_current_line].name, "*** ", sizeof(chat_lines[chat_current_line].name)); + str_format(chat_lines[chat_current_line].text, sizeof(chat_lines[chat_current_line].text), "%s", line); } else { @@ -240,8 +240,8 @@ void chat_add_line(int client_id, int team, const char *line) chat_lines[chat_current_line].name_color = 1; } - strcpy(chat_lines[chat_current_line].name, client_datas[client_id].name); - sprintf(chat_lines[chat_current_line].text, ": %s", line); + str_copy(chat_lines[chat_current_line].name, client_datas[client_id].name, sizeof(chat_lines[chat_current_line].name)); + str_format(chat_lines[chat_current_line].text, sizeof(chat_lines[chat_current_line].text), ": %s", line); } } @@ -529,13 +529,13 @@ void render_goals(float x, float y, float w) if(gameobj && gameobj->time_limit) { char buf[64]; - sprintf(buf, "Time Limit: %d min", gameobj->time_limit); + str_format(buf, sizeof(buf), "Time Limit: %d min", gameobj->time_limit); gfx_text(0, x+w/2, y, 24.0f, buf, -1); } if(gameobj && gameobj->score_limit) { char buf[64]; - sprintf(buf, "Score Limit: %d", gameobj->score_limit); + str_format(buf, sizeof(buf), "Score Limit: %d", gameobj->score_limit); gfx_text(0, x+40, y, 24.0f, buf, -1); } } @@ -546,7 +546,7 @@ void render_spectators(float x, float y, float w) int count = 0; float h = 120.0f; - strcpy(buffer, "Spectators: "); + str_copy(buffer, sizeof(buffer), "Spectators: "); gfx_blend_normal(); gfx_texture_set(-1); @@ -614,7 +614,7 @@ void render_scoreboard(float x, float y, float w, int team, const char *title) if(gameobj) { char buf[128]; - sprintf(buf, "%d", gameobj->teamscore[team&1]); + str_format(buf, buf, "%d", gameobj->teamscore[team&1]); tw = gfx_text_width(0, 48, buf, -1); gfx_text(0, x+w-tw-30, y, 48, buf, -1); } @@ -622,15 +622,6 @@ void render_scoreboard(float x, float y, float w, int team, const char *title) y += 54.0f; - /* - if(team) - { - char buf[128]; - sprintf(buf, "%4d", gameobj->teamscore[team&1]); - gfx_text(0, x+w/2-tw/2, y, 32, buf, -1); - }*/ - - // find players const obj_player_info *players[MAX_CLIENTS] = {0}; int num_players = 0; @@ -687,18 +678,18 @@ void render_scoreboard(float x, float y, float w, int team, const char *title) gfx_quads_end(); } - sprintf(buf, "%4d", info->score); + str_format(buf, sizeof(buf), "%4d", info->score); gfx_text(0, x+60-gfx_text_width(0, font_size,buf,-1), y, font_size, buf, -1); if(config.cl_show_player_ids) { - sprintf(buf, "%d | %s", info->clientid, client_datas[info->clientid].name); + str_format(buf, sizeof(buf), "%d | %s", info->clientid, client_datas[info->clientid].name); gfx_text(0, x+128, y, font_size, buf, -1); } else gfx_text(0, x+128, y, font_size, client_datas[info->clientid].name, -1); - sprintf(buf, "%4d", info->latency); + str_format(buf, sizeof(buf), "%4d", info->latency); float tw = gfx_text_width(0, font_size, buf, -1); gfx_text(0, x+w-tw-35, y, font_size, buf, -1); @@ -1257,15 +1248,15 @@ void render_game() // render chat input char buf[sizeof(chat_input)+16]; if(chat_mode == CHATMODE_ALL) - sprintf(buf, "All: %s_", chat_input); + str_format(buf, sizeof(buf), "All: %s_", chat_input); else if(chat_mode == CHATMODE_TEAM) - sprintf(buf, "Team: %s_", chat_input); + str_format(buf, sizeof(buf), "Team: %s_", chat_input); else if(chat_mode == CHATMODE_CONSOLE) - sprintf(buf, "Console: %s_", chat_input); + str_format(buf, sizeof(buf), "Console: %s_", chat_input); else if(chat_mode == CHATMODE_REMOTECONSOLE) - sprintf(buf, "Rcon: %s_", chat_input); + str_format(buf, sizeof(buf), "Rcon: %s_", chat_input); else - sprintf(buf, "Chat: %s_", chat_input); + str_format(buf, sizeof(buf), "Chat: %s_", chat_input); gfx_text(0, x, y, 8.0f, buf, 380); starty = y; } @@ -1336,7 +1327,7 @@ void render_game() else time = (client_tick()-gameobj->round_start_tick)/client_tickspeed(); - sprintf(buf, "%d:%02d", time /60, time %60); + str_format(buf, sizeof(buf), "%d:%02d", time /60, time %60); float w = gfx_text_width(0, 16, buf, -1); gfx_text(0, half-w/2, 2, 16, buf, -1); } @@ -1364,7 +1355,7 @@ void render_game() gfx_quads_end(); char buf[32]; - sprintf(buf, "%d", gameobj->teamscore[t]); + str_format(buf, sizeof(buf), "%d", gameobj->teamscore[t]); float w = gfx_text_width(0, 14, buf, -1); if(gametype == GAMETYPE_CTF) @@ -1413,9 +1404,9 @@ void render_game() int seconds = gameobj->warmup/SERVER_TICK_SPEED; if(seconds < 5) - sprintf(buf, "%d.%d", seconds, (gameobj->warmup*10/SERVER_TICK_SPEED)%10); + str_format(buf, sizeof(buf), "%d.%d", seconds, (gameobj->warmup*10/SERVER_TICK_SPEED)%10); else - sprintf(buf, "%d", seconds); + str_format(buf, sizeof(buf), "%d", seconds); w = gfx_text_width(0, 24, buf, -1); gfx_text(0, 150*gfx_screenaspect()+-w/2, 75, 24, buf, -1); } @@ -1456,7 +1447,7 @@ void render_game() vec2(local_character->x, local_character->y)); char buf[512]; - sprintf(buf, "%.2f", speed/2); + str_format(buf, sizeof(buf), "%.2f", speed/2); gfx_text(0, 150, 50, 12, buf, -1); } @@ -1545,12 +1536,12 @@ void render_game() float w; float x = 5.0f; - sprintf(buf, "%.2f", standard); + str_format(buf, sizeof(buf), "%.2f", standard); x += 20.0f; w = gfx_text_width(0, 5, buf, -1); gfx_text(0x0, x-w, y+count*6, 5, buf, -1); - sprintf(buf, "%.2f", current); + str_format(buf, sizeof(buf), "%.2f", current); x += 20.0f; w = gfx_text_width(0, 5, buf, -1); gfx_text(0x0, x-w, y+count*6, 5, buf, -1); diff --git a/src/game/client/gc_console.cpp b/src/game/client/gc_console.cpp index fffe61ab..75c20e15 100644 --- a/src/game/client/gc_console.cpp +++ b/src/game/client/gc_console.cpp @@ -52,7 +52,7 @@ static void client_console_print(const char *str) len = 255; char *entry = (char *)ringbuf_allocate(console_backlog, len+1); - memcpy(entry, str, len+1); + mem_copy(entry, str, len+1); } @@ -137,7 +137,7 @@ void console_handle_input() if (console_input_len) { char *entry = (char *)ringbuf_allocate(console_history, console_input_len+1); - memcpy(entry, console_input, console_input_len+1); + mem_copy(entry, console_input, console_input_len+1); console_execute(console_input); console_input[0] = 0; @@ -163,7 +163,7 @@ void console_handle_input() unsigned int len = strlen(console_history_entry); if (len < sizeof(console_input) - 1) { - memcpy(console_input, console_history_entry, len+1); + mem_copy(console_input, console_history_entry, len+1); console_input_len = len; } @@ -180,7 +180,7 @@ void console_handle_input() unsigned int len = strlen(console_history_entry); if (len < sizeof(console_input) - 1) { - memcpy(console_input, console_history_entry, len+1); + mem_copy(console_input, console_history_entry, len+1); console_input_len = len; } @@ -304,7 +304,7 @@ void console_render() gfx_text(0, x+prompt_width+width+1, y, font_size, "_", -1); char buf[64]; - sprintf(buf, "Teewars v%s", TEEWARS_VERSION); + str_format(buf, sizeof(buf), "Teewars v%s", TEEWARS_VERSION); float version_width = gfx_text_width(0, font_size, buf, -1); gfx_text(0, screen.w-version_width-5, y, font_size, buf, -1); diff --git a/src/game/client/gc_map_image.cpp b/src/game/client/gc_map_image.cpp index 174a412e..664a867a 100644 --- a/src/game/client/gc_map_image.cpp +++ b/src/game/client/gc_map_image.cpp @@ -110,7 +110,7 @@ int img_init() { char buf[256]; char *name = (char *)map_get_data(img->image_name); - sprintf(buf, "data/mapres/%s.png", name); + str_format(buf, sizeof(buf), "data/mapres/%s.png", name); map_textures[i] = gfx_load_texture(buf, IMG_AUTO); } else diff --git a/src/game/client/gc_menu.cpp b/src/game/client/gc_menu.cpp index 633c44da..51333288 100644 --- a/src/game/client/gc_menu.cpp +++ b/src/game/client/gc_menu.cpp @@ -171,7 +171,7 @@ static void ui_draw_checkbox(const void *id, const char *text, int checked, cons static void ui_draw_checkbox_number(const void *id, const char *text, int checked, const RECT *r, const void *extra) { char buf[16]; - sprintf(buf, "%d", checked); + str_format(buf, sizeof(buf), "%d", checked); ui_draw_checkbox_common(id, text, buf, r); } @@ -882,12 +882,12 @@ static void menu2_render_serverbrowser(RECT main_view) ui_do_label(&button, item->map, 12.0f, -1); else if(id == COL_PLAYERS) { - sprintf(temp, "%i/%i", item->num_players, item->max_players); + str_format(temp, sizeof(temp), "%i/%i", item->num_players, item->max_players); ui_do_label(&button, temp, 12.0f, 1); } else if(id == COL_PING) { - sprintf(temp, "%i", item->latency); + str_format(temp, sizeof(temp), "%i", item->latency); ui_do_label(&button, temp, 12.0f, 1); } else if(id == COL_PROGRESS) @@ -981,13 +981,13 @@ static void menu2_render_serverbrowser(RECT main_view) char temp[16]; if(selected_server->progression < 0) - sprintf(temp, "N/A"); + str_format(temp, sizeof(temp), "N/A"); else - sprintf(temp, "%d%%", selected_server->progression); + str_format(temp, sizeof(temp), "%d%%", selected_server->progression); ui_hsplit_t(&right_column, 15.0f, &row, &right_column); ui_do_label(&row, temp, 13.0f, -1); - sprintf(temp, "%d", selected_server->latency); + str_format(temp, sizeof(temp), "%d", selected_server->latency); ui_hsplit_t(&right_column, 15.0f, &row, &right_column); ui_do_label(&row, temp, 13.0f, -1); } @@ -1012,7 +1012,7 @@ static void menu2_render_serverbrowser(RECT main_view) char temp[16]; ui_hsplit_t(&server_scoreboard, 16.0f, &row, &server_scoreboard); - sprintf(temp, "%d", selected_server->player_scores[i]); + str_format(temp, sizeof(temp), "%d", selected_server->player_scores[i]); ui_do_label(&row, temp, 14.0f, -1); ui_vsplit_l(&row, 25.0f, 0x0, &row); @@ -1050,7 +1050,7 @@ static void menu2_render_serverbrowser(RECT main_view) ui_vsplit_l(&button, 5.0f, &button, &button); char buf[8]; - sprintf(buf, "%d", config.b_filter_ping); + str_format(buf, sizeof(buf), "%d", config.b_filter_ping); ui_do_edit_box(&config.b_filter_ping, &editbox, buf, sizeof(buf), 14.0f); config.b_filter_ping = atoi(buf); @@ -1073,7 +1073,7 @@ static void menu2_render_serverbrowser(RECT main_view) ui_draw_rect(&status, vec4(1,1,1,0.25f), CORNER_B, 5.0f); ui_vmargin(&status, 50.0f, &status); char buf[128]; - sprintf(buf, "%d of %d servers", client_serverbrowse_sorted_num(), client_serverbrowse_num()); + str_format(buf, sizeof(buf), "%d of %d servers", client_serverbrowse_sorted_num(), client_serverbrowse_num()); ui_do_label(&status, buf, 14.0f, -1); // render toolbox @@ -1231,7 +1231,7 @@ static void menu2_render_settings_player(RECT main_view) { const skin *s = skin_get(i); char buf[128]; - sprintf(buf, "%s", s->name); + str_format(buf, sizeof(buf), "%s", s->name); int selected = 0; if(strcmp(s->name, config.player_skin) == 0) selected = 1; @@ -1357,7 +1357,7 @@ static void menu2_render_settings_graphics(RECT main_view) // draw footers ui_hsplit_b(&modelist, 20, &modelist, &footer); - sprintf(buf, "Current: %dx%d %d bit", config.gfx_screen_width, config.gfx_screen_height, config.gfx_color_depth); + str_format(buf, sizeof(buf), "Current: %dx%d %d bit", config.gfx_screen_width, config.gfx_screen_height, config.gfx_color_depth); ui_draw_rect(&footer, vec4(1,1,1,0.25f), CORNER_B, 5.0f); ui_vsplit_l(&footer, 10.0f, 0, &footer); ui_do_label(&footer, buf, 14.0f, -1); @@ -1397,7 +1397,7 @@ static void menu2_render_settings_graphics(RECT main_view) selected = 1; } - sprintf(buf, " %dx%d %d bit", modes[i].width, modes[i].height, depth); + str_format(buf, sizeof(buf), " %dx%d %d bit", modes[i].width, modes[i].height, depth); if(ui_do_button(&modes[i], buf, selected, &button, ui_draw_list_row, 0)) { config.gfx_color_depth = depth; @@ -1502,7 +1502,7 @@ static void menu2_render_settings_sound(RECT main_view) // sample rate box { char buf[64]; - sprintf(buf, "%d", config.snd_rate); + str_format(buf, sizeof(buf), "%d", config.snd_rate); ui_hsplit_t(&main_view, 20.0f, &button, &main_view); ui_do_label(&button, "Sample Rate", 14.0f, -1); ui_vsplit_l(&button, 110.0f, 0, &button); @@ -1810,7 +1810,7 @@ int menu2_render() if(client_mapdownload_totalsize() > 0) { title = "Downloading map"; - sprintf(buf, "%d/%d KiB", client_mapdownload_amount()/1024, client_mapdownload_totalsize()/1024); + str_format(buf, sizeof(buf), "%d/%d KiB", client_mapdownload_amount()/1024, client_mapdownload_totalsize()/1024); extra_text = buf; } } diff --git a/src/game/client/gc_skin.cpp b/src/game/client/gc_skin.cpp index 6136f76f..e3ed8b7c 100644 --- a/src/game/client/gc_skin.cpp +++ b/src/game/client/gc_skin.cpp @@ -23,7 +23,7 @@ static void skinscan(const char *name, int is_dir, void *user) return; char buf[512]; - sprintf(buf, "data/skins/%s", name); + str_format(buf, sizeof(buf), "data/skins/%s", name); IMAGE_INFO info; if(!gfx_load_png(&info, buf)) { -- cgit 1.4.1