(svn r2831) Fix some potential and real buffer overflows

2005-08-07 14:18:17 +00:00
parent 14e80ca159
commit 3f39db10d7
3 changed files with 18 additions and 7 deletions
--- a/settings.c
+++ b/settings.c
@@ -524,6 +524,7 @@ static const void *string_to_val(const SettingDesc *desc, const char *str)
 	case SDT_STRINGBUF:
 	case SDT_STRINGQUOT:
 	case SDT_INTLIST:
+	case SDT_CHAR:
 		return str;
 	}

@@ -589,6 +590,11 @@ static void load_setting_desc(IniFile *ini, const SettingDesc *desc, const void
 		case SDT_STRINGQUOT:
 			if (p) ttd_strlcpy((char*)ptr, p, desc->flags >> 16);
 			break;
+
+		case SDT_CHAR:
+			*(char*)ptr = *(char*)p;
+			break;
+
 		case SDT_INTLIST: {
 			if (!load_intlist(p, ptr, desc->flags >> 16, desc->flags >> 4 & 7))
 				ShowInfoF("ini: error in array '%s'", desc->name);
@@ -713,6 +719,10 @@ static void save_setting_desc(IniFile *ini, const SettingDesc *desc, const void
 		case SDT_INTLIST:
 			make_intlist(buf, ptr, desc->flags >> 16, desc->flags >> 4 & 7);
 			break;
+
+		case SDT_CHAR:
+			sprintf(buf, "\"%c\"", *(char*)ptr);
+			break;
 		}
 		// the value is different, that means we have to write it to the ini
 		item->value = pool_strdup(&ini->pool, buf, strlen(buf));
@@ -991,10 +1001,10 @@ const SettingDesc patch_settings[] = {

 static const SettingDesc currency_settings[] = {
 	{ "rate",      SDT_UINT16,                                               (void*)1,   &_custom_currency.rate,      NULL },
-	{ "separator", SDT_STRINGQUOT | (2) << 16,  ".",        &_custom_currency.separator, NULL },
+	{ "separator", SDT_CHAR,                                                 ".",        &_custom_currency.separator, NULL },
 	{ "to_euro",   SDT_UINT16,                                               (void*)0,   &_custom_currency.to_euro,   NULL },
-	{ "prefix",    SDT_STRINGQUOT | (16) << 16, NULL,       &_custom_currency.prefix,    NULL },
-	{ "suffix",    SDT_STRINGQUOT | (16) << 16, " credits", &_custom_currency.suffix,    NULL },
+	{ "prefix",    SDT_STRINGQUOT | lengthof(_custom_currency.prefix) << 16, NULL,       &_custom_currency.prefix,    NULL },
+	{ "suffix",    SDT_STRINGQUOT | lengthof(_custom_currency.suffix) << 16, " credits", &_custom_currency.suffix,    NULL },
 	{ NULL, 0, NULL, NULL, NULL }
 };

--- a/settings.h
+++ b/settings.h
@@ -12,6 +12,7 @@ enum SettingDescType {
 	SDT_STRINGBUF,
 	SDT_INTLIST,
 	SDT_STRINGQUOT, // string with quotation marks around it
+	SDT_CHAR,

 	SDT_INT8 = 0 << 4,
 	SDT_UINT8 = 1 << 4,
--- a/settings_gui.c
+++ b/settings_gui.c
@@ -1319,7 +1319,7 @@ void DrawArrowButtons(int x, int y, int state)
 	DrawStringCentered(x+15, y+1, STR_681A, 0);
 }

-char _str_separator[2];
+static char _str_separator[2];

 static void CustCurrencyWndProc(Window *w, WindowEvent *e)
 {
@@ -1467,7 +1467,7 @@ static void CustCurrencyWndProc(Window *w, WindowEvent *e)
 				break;
 				case 1: /* Thousands seperator */
 					_custom_currency.separator = (b[0] == '\0') ? ' ' : b[0];
-					ttd_strlcpy(_str_separator, b, 16);
+					ttd_strlcpy(_str_separator, b, lengthof(_str_separator));
 				break;
 				case 2: /* Currency prefix */
 					ttd_strlcpy(_custom_currency.prefix, b, lengthof(_custom_currency.prefix));