Originally posted by [b]HUNSharp[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=3902
If you write in the game "@ii aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...."
where "aaa..." is a string longer than 200 characters, then that line can crash the server:
[code]
FILE: atcommand.c
FUNC: bool is_atcommand(const int fd, struct map_session_data* sd, const char* message, int type)

    if (*message == atcommand_symbol) {
        //atcmd_msg is constructed above differently for charcommands
        //it's copied from message if not a charcommand so it can
        //pass through the rest of the code compatible with both symbols
        sprintf(atcmd_msg, "%s", message);
    }
[/code]
Because of a missing string length check.
- sprintf(atcmd_msg, "%s", message);
+ safesnprintf(atcmd_msg, 200, "%s", message);
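Review bot: the size argument on the added line is the literal 200; if atcmd_msg is an array visible inside is_atcommand, pass sizeof(atcmd_msg) so the bound cannot drift from the declaration. The result of safesnprintf is also not checked, so the caller cannot tell whether an over-long line was cut short before it is handled as a command; consider rejecting such input. The comment in the quoted code says atcmd_msg is constructed differently for charcommands above this branch, and this change does not touch that path, so it should be checked for the same missing bound.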
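An added example, not part of the original report and not eAthena's code: a bounded copy built on standard snprintf that rejects an over-long command instead of overflowing or silently truncating it. The helper names copy_command and try_command are hypothetical, and the 200-byte buffer size is an assumption taken from the proposed fix.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 200 bytes, the size the proposed fix passes for atcmd_msg. */
#define ATCMD_MSG_SIZE 200

/* Hypothetical helper (not eAthena code): copy a client-supplied command
 * line into a fixed buffer. Returns 0 on success, or -1 if the input does
 * not fit; dst is then emptied so a truncated command is never parsed. */
int copy_command(char *dst, size_t dst_size, const char *message)
{
    int n;

    if (dst == NULL || dst_size == 0 || message == NULL)
        return -1;
    /* snprintf writes at most dst_size bytes (NUL included) and returns
     * the length the complete output would have needed. */
    n = snprintf(dst, dst_size, "%s", message);
    if (n < 0 || (size_t)n >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: "@ii " followed by `fill` 'a' characters. */
int try_command(size_t fill)
{
    char atcmd_msg[ATCMD_MSG_SIZE];
    char message[512];

    if (fill + 5 > sizeof(message))
        return -1;
    memcpy(message, "@ii ", 4);
    memset(message + 4, 'a', fill);
    message[4 + fill] = '\0';
    return copy_command(atcmd_msg, sizeof(atcmd_msg), message);
}

int main(void)
{
    printf("10 fill chars:  %d\n", try_command(10));   /* fits */
    printf("195 fill chars: %d\n", try_command(195));  /* 199 bytes + NUL fits */
    printf("196 fill chars: %d\n", try_command(196));  /* 200 bytes, rejected */
    return 0;
}
```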