
Commit 15d31a4

committed
fix a possible buffer overflow and division by 0
1 parent cd737b4 commit 15d31a4

3 files changed

Lines changed: 12 additions & 11 deletions


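--- a/src/bncsutil/bsha1.cpp
+++ b/src/bncsutil/bsha1.cpp
@@ -143,10 +143,10 @@ MEXP(void) calcHashBuf(const char* input, size_t length, char* result) {
 int i;
 uint32_t a, b, c, d, e, g;
 uint32_t* ldata;
-char data[1024];
-memset(data, 0, 1024);
+uint32_t data[256];
+memset(data, 0, sizeof(data));
 memcpy(data, input, length);
-ldata = (uint32_t*) data;
+ldata = data;
 
 for (i = 0; i < 64; i++) {
 ldata[i + 16] =
@@ -207,12 +207,11 @@ MEXP(void) calcHashBuf(const char* input, size_t length, char* result) {
 BSHA_OP4(a, b, c, d, e, *ldata++, g) BSHA_OP4(a, b, c, d, e, *ldata++, g)
 BSHA_OP4(a, b, c, d, e, *ldata++, g) BSHA_OP4(a, b, c, d, e, *ldata++, g)
 
-ldata = (uint32_t*) result;
-ldata[0] = LSB4(BSHA_IC1 + a);
-ldata[1] = LSB4(BSHA_IC2 + b);
-ldata[2] = LSB4(BSHA_IC3 + c);
-ldata[3] = LSB4(BSHA_IC4 + d);
-ldata[4] = LSB4(BSHA_IC5 + e);
-ldata = NULL;
+uint32_t tmp;
+tmp = LSB4(BSHA_IC1 + a); memcpy(result + 0, &tmp, 4);
+tmp = LSB4(BSHA_IC2 + b); memcpy(result + 4, &tmp, 4);
+tmp = LSB4(BSHA_IC3 + c); memcpy(result + 8, &tmp, 4);
+tmp = LSB4(BSHA_IC4 + d); memcpy(result + 12, &tmp, 4);
+tmp = LSB4(BSHA_IC5 + e); memcpy(result + 16, &tmp, 4);
 }
 #endif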
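Review bot: The `memcpy(data, input, length);` kept as context in the first hunk still copies a caller-supplied `length` into the 1024-byte `data` array, and no bound on `length` appears between the signature and the copy, so a stack overflow remains reachable for inputs longer than `sizeof(data)`. Changing the buffer to `uint32_t data[256]` and writing `result` through `memcpy` addresses alignment and aliasing, not the size of the copy. A guard before the copy, `if (length > sizeof(data)) length = sizeof(data);`, would close it. The function's header comment should also state the maximum input length, since clamping silently changes which bytes are hashed. The body between the two hunks is outside this view.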

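--- a/src/bncsutil/cdkeydecoder.cpp
+++ b/src/bncsutil/cdkeydecoder.cpp
@@ -140,7 +140,8 @@ CDKeyDecoder::CDKeyDecoder(const char* cdKey, size_t keyLength) {
 cdkey = new char[keyLength + 1];
 initialized = 1;
 keyLen = keyLength;
-strcpy(cdkey, cdKey);
+memcpy(cdkey, cdKey, keyLength);
+cdkey[keyLength] = '\0';
 
 switch (keyType) {
 case KEY_STARCRAFT: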
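Review bot: `memcpy(cdkey, cdKey, keyLength);` reads exactly `keyLength` bytes from the caller's pointer, so where `strcpy` could write past the allocation, the new code can read past the source whenever `keyLength` is larger than the string actually passed. The constructor now depends on a contract that is not written down; I would add `// cdKey must reference at least keyLength readable bytes; it need not be NUL-terminated` above the copy and in the constructor's documentation. Any validation of `keyLength` happens before line 140 and is outside this hunk, as is the rest of the constructor after the `switch`.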

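--- a/src/bncsutil/checkrevision.cpp
+++ b/src/bncsutil/checkrevision.cpp
@@ -291,6 +291,7 @@ MEXP(int) checkRevision(const char* formula, const char* files[], int numFiles,
 break;
 case '/':
 // well, you never know
+if (values[ovs2[k]] == 0) return 0;
 values[ovd[k]] = values[ovs1[k]] / values[ovs2[k]];
 break;
 default: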
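Review bot: The added `return 0;` in the `'/'` case leaves checkRevision from inside the operator switch, so if the function holds open or mapped files at that point they would not be released on this path. The surrounding loops and the cleanup code are outside the hunk, so this is inferred; routing the zero-divisor case through the function's normal exit path would avoid it. The existing comment `// well, you never know` now sits above the guard and explains nothing, and `// reject a zero divisor instead of trapping` would say why the check exists. If `values` is a signed type, the minimum value divided by -1 also traps and is not covered by this check.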
