2 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
bf9105aa4a Fix unbounded strcpy of password from player file (use strncpy with MAX_PWD_LENGTH)
Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/28ad1d51-d776-4038-a489-db00dc08e5ff

Co-authored-by: welcor <357770+welcor@users.noreply.github.com>
2026-04-24 10:21:06 +00:00
copilot-swe-agent[bot]
fd81fadaed Initial plan 2026-04-24 10:19:05 +00:00
2 changed files with 1 additions and 8 deletions


@@ -1636,13 +1636,6 @@ void var_subst(void *go, struct script_data *sc, trig_data *trig,
int paren_count = 0;
int dots = 0;
/* reject lines that would overflow our fixed-size buffers */
if (strnlen(line, MAX_INPUT_LENGTH) >= MAX_INPUT_LENGTH) {
script_log("Trigger VNum %d: variable substitution line too long, ignoring.", GET_TRIG_VNUM(trig));
*buf = '\0';
return;
}
/* skip out if no %'s */
if (!strchr(line, '%')) {
strcpy(buf, line);


@@ -405,7 +405,7 @@ int load_char(const char *name, struct char_data *ch)
case 'P':
if (!strcmp(tag, "Page")) GET_PAGE_LENGTH(ch) = atoi(line);
else if (!strcmp(tag, "Pass")) strcpy(GET_PASSWD(ch), line);
else if (!strcmp(tag, "Pass")) { strncpy(GET_PASSWD(ch), line, MAX_PWD_LENGTH); GET_PASSWD(ch)[MAX_PWD_LENGTH] = '\0'; }
else if (!strcmp(tag, "Plyd")) ch->player.time.played = atoi(line);
else if (!strcmp(tag, "PfIn")) POOFIN(ch) = strdup(line);
else if (!strcmp(tag, "PfOt")) POOFOUT(ch) = strdup(line);
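Review bot: The terminator write `GET_PASSWD(ch)[MAX_PWD_LENGTH] = '\0';` on the new "Pass" line is in bounds only if the password field is declared with MAX_PWD_LENGTH + 1 bytes, and that declaration is not visible here, so the bound should be confirmed and stated next to the copy, e.g. `/* passwd is char[MAX_PWD_LENGTH + 1]; longer "Pass" values are truncated */`. The copy also truncates silently: an over-long stored value from the player file would load as a shortened string that most likely never matches at login, so checking `strlen(line) > MAX_PWD_LENGTH` and logging the record before the copy would make a corrupted or tampered file visible. Separately, the other hunk on this page (`-1636,13 +1636,6` in var_subst) appears to drop the line-length guard that precedes `strcpy(buf, line)`, which the commit title does not mention and is worth confirming as intended. load_char's body continues outside the hunk.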