diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | FICS/gamedb.c | 8 | ||||
| -rw-r--r-- | FICS/network.c | 20 | ||||
| -rw-r--r-- | FICS/playerdb.c | 8 | ||||
| -rw-r--r-- | FICS/utils.c | 7 |
5 files changed, 30 insertions, 14 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index bbcf774..33abc48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ documented in this file. - Fixed unchecked function return values. Multiple occurrences. - Fixed uninitialized variables. - Fixed untrusted array indices. +- Fixed untrusted loop bounds. - Fixed use of 32-bit `time_t`. Y2K38 safety. Multiple occurrences. ## [1.4.4] - 2024-12-07 ## diff --git a/FICS/gamedb.c b/FICS/gamedb.c index 572abf5..5142d39 100644 --- a/FICS/gamedb.c +++ b/FICS/gamedb.c @@ -36,6 +36,7 @@ Markus Uhlin 24/11/25 Null checks Markus Uhlin 24/12/02 Fixed bugs and ignored function return values. + Markus Uhlin 25/03/18 Fixed unchecked return values */ #include "stdinclude.h" @@ -986,11 +987,12 @@ ReadGameState(FILE *fp, game_state_t *gs, int version) } } } else { - getc(fp); /* Skip past a newline. */ + (void) getc(fp); /* Skip past a newline. */ for (i = 0; i < 8; i++) { for (j = 0; j < 8; j++) { - pieceChar = getc(fp); + if ((pieceChar = getc(fp)) == EOF) + return -1; gs->board[i][j] = CharToPiece(pieceChar); } } @@ -1922,7 +1924,7 @@ addjournalitem(int p, char count2, char *WhiteName2, int WhiteRating2, ending2, result2); fclose(fp2); - rename(fname2, fname); + xrename(__func__, fname2, fname); return; } else { _Static_assert(ARRAY_SIZE(WhiteName) > 19, diff --git a/FICS/network.c b/FICS/network.c index 10e356d..b795e99 100644 --- a/FICS/network.c +++ b/FICS/network.c @@ -267,7 +267,9 @@ net_send_string(int fd, char *str, int format) if ((which = findConnection(fd)) < 0) return -1; while (*str) { - for (i = 0; str[i] >= ' '; i++) { + const int upbound = strlen(str); + + for (i = 0; i < upbound && str[i] >= ' '; i++) { /* null */; } @@ -471,7 +473,7 @@ readline2(comstr_t *cs, int who) PUBLIC int net_init(int p_port) { - int opt; + int opt, ret; struct linger lingeropt; struct sockaddr_in serv_addr; @@ -510,15 +512,23 @@ net_init(int p_port) */ opt = 1; - setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *) &opt, sizeof opt); + ret = setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *) &opt, + sizeof opt); + if (ret == -1) + warn("%s: SO_REUSEADDR", __func__); opt = 1; - setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt, sizeof opt); + ret = setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (char *) &opt, + sizeof opt); + if (ret == -1) + warn("%s: SO_KEEPALIVE", __func__); lingeropt.l_onoff = 0; lingeropt.l_linger = 0; - setsockopt(sockfd, SOL_SOCKET, SO_LINGER, (char *) &lingeropt, + ret = setsockopt(sockfd, SOL_SOCKET, SO_LINGER, (char *) &lingeropt, sizeof(lingeropt)); + if (ret == -1) + warn("%s: SO_LINGER", __func__); if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof serv_addr) < 0) { fprintf(stderr, "FICS: can't bind local address. errno=%d\n", diff --git a/FICS/playerdb.c b/FICS/playerdb.c index 7424edd..a892e3d 100644 --- a/FICS/playerdb.c +++ b/FICS/playerdb.c @@ -1040,7 +1040,7 @@ player_read(int p, char *name) } if (line[0] == 'v') - sscanf(line, "%*c %d", &version); + (void)sscanf(line, "%*c %d", &version); if (version > 0) // Quick method: ReadV1PlayerFmt(p, &parray[p], fp, fname, version); else { // Do it the old SLOW way @@ -3087,11 +3087,13 @@ player_add_comment(int p_by, int p_to, char *comment) PUBLIC int player_show_comments(int p, int p1) { - char fname[MAX_FILENAME_SIZE]; + char fname[MAX_FILENAME_SIZE] = { '\0' }; snprintf(fname, sizeof fname, "%s/player_data/%c/%s.%s", stats_dir, parray[p1].login[0], parray[p1].login, "comments"); - psend_file(p, NULL, fname); + + if (psend_file(p, NULL, fname) == -1) + warnx("%s: psend_file() error", __func__); return 0; } diff --git a/FICS/utils.c b/FICS/utils.c index 1435e77..ce02a5d 100644 --- a/FICS/utils.c +++ b/FICS/utils.c @@ -506,9 +506,10 @@ pmore_file(int p) return -1; } - while (!feof(fp) && --lcount > 0) { - if (fgets(tmp, sizeof tmp, fp) != NULL && !feof(fp)) - net_send_string(parray[p].socket, tmp, 1); + while (--lcount > 0) { + if (fgets(tmp, sizeof tmp, fp) == NULL) + break; + net_send_string(parray[p].socket, tmp, 1); } if (!feof(fp)) { |