[BUG] Correction of use strlcpy - potencial security issue
VVD opened this issue · 1 comments
VVD commented
--- a/src/race.c
+++ b/src/race.c
@@ -3566,9 +3566,9 @@ void read_topscores(void)
race_fgets(line, MAX_TXTLEN);
race.records[cnt].time = atof(line);
race_fgets(line, MAX_TXTLEN);
- strlcpy(race.records[cnt].racername, line, strlen(line));
+ strlcpy(race.records[cnt].racername, line, sizeof(race.records[0].racername));
race_fgets(line, MAX_TXTLEN);
- strlcpy(race.records[cnt].demoname, line, strlen(line));
+ strlcpy(race.records[cnt].demoname, line, sizeof(race.records[0].demoname));
race_fgets(line, MAX_TXTLEN);
race.records[cnt].distance = atof(line);
race_fgets(line, MAX_TXTLEN);
@@ -3576,7 +3576,7 @@ void read_topscores(void)
race_fgets(line, MAX_TXTLEN);
race.records[cnt].avgspeed = atof(line);
race_fgets(line, MAX_TXTLEN);
- strlcpy(race.records[cnt].date, line, strlen(line));
+ strlcpy(race.records[cnt].date, line, sizeof(race.records[0].date));
race_fgets(line, MAX_TXTLEN);
race.records[cnt].weaponmode = atoi(line);
race_fgets(line, MAX_TXTLEN);
VVD commented
#define MAX_TXTLEN 128
typedef struct
{
float time;
char racername[64];
char demoname[64];
float distance;
float maxspeed;
float avgspeed;
float avgcount;
char date[64];
raceWeapoMode_t weaponmode; // weapon mode
raceFalseStartMode_t startmode; // start mode
int playernumber;
int position;
} raceRecord_t;
race_fgets(line, MAX_TXTLEN);
strlcpy(race.records[cnt].racername, line, strlen(line));
If racername > 64 bytes length.