Fix fscanf width specifiers in copyover_recover() to prevent buffer overflow

Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/82069e78-2bd9-4ff9-9053-0d47dfae5193 Co-authored-by: welcor <357770+welcor@users.noreply.github.com>
Initial plan
2026-04-30 04:41:51 +02:00 · 2026-04-24 10:19:06 +00:00 · 2026-04-24 10:18:25 +00:00
2 changed files with 1 additions and 8 deletions
--- a/src/comm.c
+++ b/src/comm.c
@@ -415,7 +415,7 @@ void copyover_recover()

  for (;;) {
    fOld = TRUE;
-    if (fscanf(fp, "%d %ld %s %s %s\n", &desc, &pref, name, host, guiopt) != 5) {
+    if (fscanf(fp, "%d %ld %511s %1023s %1023s\n", &desc, &pref, name, host, guiopt) != 5) {
      if(!feof(fp)) {
        if(ferror(fp))
          log("SYSERR: error reading copyover file %s: %s", COPYOVER_FILE, strerror(errno));
--- a/src/dg_variables.c
+++ b/src/dg_variables.c
@@ -1636,13 +1636,6 @@ void var_subst(void *go, struct script_data *sc, trig_data *trig,
  int paren_count = 0;
  int dots = 0;

-  /* reject lines that would overflow our fixed-size buffers */
-  if (strnlen(line, MAX_INPUT_LENGTH) >= MAX_INPUT_LENGTH) {
-    script_log("Trigger VNum %d: variable substitution line too long, ignoring.", GET_TRIG_VNUM(trig));
-    *buf = '\0';
-    return;
-  }
-
  /* skip out if no %'s */
  if (!strchr(line, '%')) {
    strcpy(buf, line);
Author	SHA1	Message	Date
copilot-swe-agent[bot]	5d0f3ecfbb	Fix fscanf width specifiers in copyover_recover() to prevent buffer overflow Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/82069e78-2bd9-4ff9-9053-0d47dfae5193 Co-authored-by: welcor <357770+welcor@users.noreply.github.com>	2026-04-24 10:19:06 +00:00
copilot-swe-agent[bot]	2eb786ff0d	Initial plan	2026-04-24 10:18:25 +00:00