Fix unbounded strcpy of password from player file (use strncpy with MAX_PWD_LENGTH)

Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/28ad1d51-d776-4038-a489-db00dc08e5ff Co-authored-by: welcor <357770+welcor@users.noreply.github.com>
Initial plan
2026-04-30 04:41:51 +02:00 · 2026-04-24 10:21:06 +00:00 · 2026-04-24 10:19:05 +00:00
2 changed files with 2 additions and 2 deletions
--- a/src/dg_variables.c
+++ b/src/dg_variables.c
@@ -1722,5 +1722,5 @@ void var_subst(void *go, struct script_data *sc, trig_data *trig,
      left -= len;
    } /* else if *p .. */
  } /* while *p .. */
-  *buf = '\0';
+  buf[sizeof(buf) - 1] = '\0';
 }
--- a/src/players.c
+++ b/src/players.c
@@ -405,7 +405,7 @@ int load_char(const char *name, struct char_data *ch)

      case 'P':
       if (!strcmp(tag, "Page"))  GET_PAGE_LENGTH(ch) = atoi(line);
-	else if (!strcmp(tag, "Pass"))	strcpy(GET_PASSWD(ch), line);
+	else if (!strcmp(tag, "Pass")) { strncpy(GET_PASSWD(ch), line, MAX_PWD_LENGTH); GET_PASSWD(ch)[MAX_PWD_LENGTH] = '\0'; }
 	else if (!strcmp(tag, "Plyd"))	ch->player.time.played	= atoi(line);
 	else if (!strcmp(tag, "PfIn"))	POOFIN(ch)		= strdup(line);
 	else if (!strcmp(tag, "PfOt"))	POOFOUT(ch)		= strdup(line);
Author	SHA1	Message	Date
copilot-swe-agent[bot]	bf9105aa4a	Fix unbounded strcpy of password from player file (use strncpy with MAX_PWD_LENGTH) Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/28ad1d51-d776-4038-a489-db00dc08e5ff Co-authored-by: welcor <357770+welcor@users.noreply.github.com>	2026-04-24 10:21:06 +00:00
copilot-swe-agent[bot]	fd81fadaed	Initial plan	2026-04-24 10:19:05 +00:00