Fix format overflow issues (#52)

Replace a few sprintf calls with snprintf to prevent buffer overflow. Added error messages to the logs where buffer size prevents a room, object, mobile, or quest from being saved to disk.
2018-07-15 10:52:28 -05:00
parent bf941bc9b2
commit ad88f94a46
6 changed files with 70 additions and 46 deletions
--- a/src/genqst.c
+++ b/src/genqst.c
@@ -220,7 +220,7 @@ int save_quests(zone_rnum zone_num)
      strip_cr(quest_quit);
      /* Save the quest details to the file.  */
      sprintascii(quest_flags, QST_FLAGS(rnum));
-      sprintf(buf,
+      int n = snprintf(buf, MAX_STRING_LENGTH,
        "#%d\n"
        "%s%c\n"
        "%s%c\n"
@@ -246,13 +246,18 @@ int save_quests(zone_rnum zone_num)
        QST_PREREQ(rnum) == NOTHING ? -1 : QST_PREREQ(rnum),
        QST_POINTS(rnum), QST_PENALTY(rnum), QST_MINLEVEL(rnum),
        QST_MAXLEVEL(rnum), QST_TIME(rnum),
- QST_RETURNMOB(rnum) == NOBODY ? -1 : QST_RETURNMOB(rnum),
- QST_QUANTITY(rnum), QST_GOLD(rnum), QST_EXP(rnum), QST_OBJ(rnum)
+        QST_RETURNMOB(rnum) == NOBODY ? -1 : QST_RETURNMOB(rnum),
+        QST_QUANTITY(rnum), QST_GOLD(rnum), QST_EXP(rnum), QST_OBJ(rnum)
      );
      
-      fprintf(sf, "%s", convert_from_tabs(buf));
-      
-      num_quests++;
+      if(n < MAX_STRING_LENGTH) {
+        fprintf(sf, "%s", convert_from_tabs(buf));
+        num_quests++;
+      } else {
+        mudlog(BRF,LVL_BUILDER,TRUE, 
+               "SYSERR: Could not save quest #%d due to size (%d > maximum of %d).", 
+               QST_NUM(rnum), n, MAX_STRING_LENGTH);
+      }
    }
  }
  /* Write the final line and close it.  */