-rw-r--r-- | CHANGELOG.md | 3 | ||||
-rw-r--r-- | FICS/gamedb.c | 2 | ||||
-rw-r--r-- | FICS/movecheck.c | 6 | ||||
-rw-r--r-- | FICS/playerdb.c | 7 |
4 files changed, 15 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index bbcf774..c5227be 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,10 +11,13 @@ documented in this file. - Fixed memory leak in `process_login()`. - Fixed negative array index read in `accept_match()`. - Fixed null pointer dereferences. +- Fixed out-of-bounds array access in `has_legal_move()`. +- Fixed overflowed return value in `player_search()`. - Fixed possible buffer overflow in `FindHistory2()`. - Fixed unchecked function return values. Multiple occurrences. - Fixed uninitialized variables. - Fixed untrusted array indices. +- Fixed untrusted loop bounds. - Fixed use of 32-bit `time_t`. Y2K38 safety. Multiple occurrences. ## [1.4.4] - 2024-12-07 ## diff --git a/FICS/gamedb.c b/FICS/gamedb.c index 5142d39..6845c1d 100644 --- a/FICS/gamedb.c +++ b/FICS/gamedb.c @@ -1998,7 +1998,7 @@ addjournalitem(int p, char count2, char *WhiteName2, int WhiteRating2, fclose(fp); fclose(fp2); - rename(fname2, fname); + xrename(__func__, fname2, fname); } PUBLIC int diff --git a/FICS/movecheck.c b/FICS/movecheck.c index a0c9d30..5f607de 100644 --- a/FICS/movecheck.c +++ b/FICS/movecheck.c @@ -25,6 +25,8 @@ Markus Uhlin 23/12/24 Fixed dead assignment Markus Uhlin 24/05/05 Refactored and reformatted all functions. + Markus Uhlin 25/03/21 Fixed out-of-bounds array access + in has_legal_move(). */ #include "stdinclude.h" @@ -967,8 +969,10 @@ has_legal_move(game_state_t *gs) &numpossible); break; } - if (numpossible >= 500) + if (numpossible >= 500) { fprintf(stderr, "FICS: Possible move overrun\n"); + return 0; + } for (i = 0; i < numpossible; i++) { if (legal_andcheck_move(gs, f, r, possiblef[i], possibler[i])) diff --git a/FICS/playerdb.c b/FICS/playerdb.c index a892e3d..cf7a014 100644 --- a/FICS/playerdb.c +++ b/FICS/playerdb.c 
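Review bot: The two `fclose()` calls directly above the new `xrename()` in addjournalitem() are still unchecked, so a write error that only surfaces when `fp2` is flushed would go unnoticed and the rename would put an incomplete file in place of `fname`. This assumes `fp2` is the stream opened on `fname2`, which the names suggest but the hunk does not show. Gating the rename on the close would cover it: `if (fclose(fp2) == 0) xrename(__func__, fname2, fname);`. What `xrename()` does on failure is not visible here, so a short comment at the call saying whether it only logs or also aborts would help. The function body starts outside the hunk.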
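Review bot: The new `return 0` in has_legal_move() runs only after the move generators have already filled `possiblef`/`possibler` through `&numpossible`. If 500 is the capacity of those arrays, the out-of-bounds write has therefore happened before this check, and the early return only stops the read loop below. The limit would be better enforced where entries are appended, with the literal tied to the array, e.g. `if (numpossible >= (int)ARRAY_SIZE(possiblef)) {`, assuming the `ARRAY_SIZE` macro used in playerdb.c is visible in this file and `possiblef` is a true array. Returning 0 also tells the caller there is no legal move, which it may act on as a game result; a comment stating that this is the intended fail-safe would help. The function starts and ends outside the hunk.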
@@ -36,6 +36,8 @@ Markus Uhlin 24/12/02 Made many improvements Markus Uhlin 24/12/04 Added player number checks Markus Uhlin 25/02/11 Calc string length once + Markus Uhlin 25/03/22 Fixed overflowed return value in + player_search(). */ #include "stdinclude.h" @@ -2845,8 +2847,11 @@ player_search(int p, char *name) int p1, count; // Exact match with connected player? - if ((p1 = player_find_bylogin(name)) >= 0) + if ((p1 = player_find_bylogin(name)) >= 0) { + if (p1 + 1 >= (int)ARRAY_SIZE(parray)) + return 0; return (p1 + 1); + } // Exact match with registered player? snprintf(pdir, sizeof pdir, "%s/%c", player_dir, name[0]); |
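Review bot: The added guard in player_search() evaluates `p1 + 1` before `p1` has been bounded, so the addition it is meant to protect still runs unchecked. It also rejects `p1 == ARRAY_SIZE(parray) - 1`, which looks like a valid slot if `player_find_bylogin()` returns an index into `parray`. Comparing the index itself avoids both: `if (p1 >= (int)ARRAY_SIZE(parray))`. Returning 0 presumably reads as "no match" to callers, so an out-of-range result is silently indistinguishable from an unknown name; a one-line comment or a log message at that return would make the fail-safe visible. The function continues outside the hunk.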