no array bounds check on main chat nick - Hercules bug tracker archive

Warning! This is the old Hercules bugtracker archive, and may not reflect the current state of Hercules. The current bugtracker is on GitHub Issues.

Issue information

Issue ID

#2671

Status

Fixed

Severity

Medium

Started

Hercules Elf Bot

Jan 17, 2009 4:26

Last Post

Hercules Elf Bot

Jan 17, 2009 4:26

Confirmation

N/A

Hercules Elf Bot - Jan 17, 2009 4:26

Originally posted by [b]theultramage[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=2671

The code that loads main_chat_nick from the configs uses an unsafe strcpy. The target buffer is only 16 bytes large. If someone decides to use a longer nick, this will produce a buffer overflow.

Incidentally, the global variable that got trashed in one paricular server was 'save_settings'. The real cause was only found by coincidence.