Fix for potential buffer overflows when assembling paths

Started by ceeac, October 08, 2019, 07:45:15 PM

ceeac

This patch fixes two potential buffer overflows when using very long paths and/or pakset names. Found by gcc's -Wformat-overflow warning option.

prissi

I think there are many more areas where Simutrans is not OK against buffer overflows. Especially the UI with network code may have a lot of exploit potential.

In case of file paths that would probably not be much of an issue, since the file in question cannot be opened if the path is longer than 1024 characters anyway.

Ters

Paths longer than 260 aren't going to work on (most versions of) Windows anyway. A better solution would be to use a version of sprintf that stops and reports an error. However, I'm not sure the C runtime(s) on Windows and the C runtime on Linux agree on what those are.

Just allowing for construction of longer strings just moves the error. In this case, the data is local, so an attacker trying to exploit this for something malicious would either be attacking himself, or already have gotten access to a lot more devious means of attack.
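
A length-checked way to assemble a path that stops and reports an error instead of overflowing or silently truncating, as an added example that is not part of the thread or of the Simutrans patch. The helper name `build_path`, the buffer sizes and the sample directory and pakset names are hypothetical, and a C99-conforming `snprintf` is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Simutrans code): joins a base directory, a
 * pakset name and a file name into dst. Returns 0 on success, -1 if the
 * result would not fit or snprintf failed. On failure dst is emptied. */
int build_path(char *dst, size_t dstsz,
               const char *base, const char *pakset, const char *file)
{
    if (dst == NULL || dstsz == 0) {
        return -1;
    }
    /* C99 snprintf writes at most dstsz-1 characters plus the NUL and
     * returns the length the complete string would have had. */
    int n = snprintf(dst, dstsz, "%s%s/%s", base, pakset, file);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';   /* never hand a truncated path to fopen() */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];                          /* constructed, deliberately small */
    const char *base = "/usr/share/sim/";   /* constructed sample value */

    if (build_path(path, sizeof path, base, "pak64", "a.tab") == 0) {
        printf("ok: %s\n", path);
    }
    if (build_path(path, sizeof path, base,
                   "pak-with-a-very-long-name", "a.tab") != 0) {
        printf("rejected: path too long for %zu-byte buffer\n", sizeof path);
    }
    return 0;
}
```

The caller decides what to do with the error (skip the pakset, show a message), so the failure is reported where the path is built rather than later when the file cannot be opened.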