The International Simutrans Forum

 

Author Topic: Fix for potential buffer overflows when assembling paths  (Read 515 times)

0 Members and 1 Guest are viewing this topic.

Offline ceeac

  • *
  • Posts: 54
Fix for potential buffer overflows when assembling paths
« on: October 08, 2019, 07:45:15 PM »
This patch fixes two potential buffer overflows when using very long paths and/or pakset names. Found by gcc's Wformat-overflow warning option.

Offline prissi

  • Developer
  • Administrator
  • *
  • Posts: 9584
  • Languages: De,EN,JP
Re: Fix for potential buffer overflows when assembling paths
« Reply #1 on: October 09, 2019, 06:01:05 AM »
I think there are many more areas where SImutrans is not ok against buffer overflow. Especially the UI with network code may have lot of exploit potential.

In case of file paths that would probably not be much of an issue, since the file in question cannot be opened if the path is longer than 1024 characters anyway.

Offline Ters

  • Coder/patcher
  • Devotee
  • *
  • Posts: 5554
  • Languages: EN, NO
Re: Fix for potential buffer overflows when assembling paths
« Reply #2 on: October 09, 2019, 08:45:19 PM »
Paths longer than 260 aren't going to work on (most versions of) Windows anyway. A better solution would be to use a version of sprintf that stops and reports an error. However, I'm not sure the C runtime(s) on Windows and the C runtime on Linux agree on what those are.

Just allowing for construction of longer stings just moves the error. In this case, the data is local, so an attacker trying to exploit this for something malicious would either be attacking himself, or already have gotten access to a lot more devious means of attack.