| … | |
… | |
| 32 | #include <time.h> |
32 | #include <time.h> |
| 33 | #include <signal.h> |
33 | #include <signal.h> |
| 34 | |
34 | |
| 35 | #include <global.h> |
35 | #include <global.h> |
| 36 | #include <material.h> |
36 | #include <material.h> |
|
|
37 | #include <object.h> |
| 37 | |
38 | |
| 38 | #include <sys/time.h> |
39 | #include <sys/time.h> |
| 39 | #include <sys/resource.h> |
40 | #include <sys/resource.h> |
| 40 | |
41 | |
| 41 | #include <glib.h> |
42 | #include <glib.h> |
| … | |
… | |
| 226 | int j; |
227 | int j; |
| 227 | |
228 | |
| 228 | if (!op->materialname) |
229 | if (!op->materialname) |
| 229 | return; |
230 | return; |
| 230 | |
231 | |
| 231 | if (change->materialname && strcmp (op->materialname, change->materialname)) |
232 | if (op->materialname != change->materialname) |
| 232 | return; |
233 | return; |
| 233 | |
234 | |
| 234 | if (!op->is_armor ()) |
235 | if (!op->is_armor ()) |
| 235 | return; |
236 | return; |
| 236 | |
237 | |
| … | |
… | |
| 447 | strcpy (input, tmp); |
448 | strcpy (input, tmp); |
| 448 | |
449 | |
| 449 | return; |
450 | return; |
| 450 | } |
451 | } |
| 451 | |
452 | |
|
|
453 | /******************************************************************************/ |
|
|
454 | |
|
|
455 | /* Checks a player-provided string which will become the msg property of |
|
|
456 | * an object for dangerous input. |
|
|
457 | */ |
|
|
458 | bool |
|
|
459 | msg_is_safe (const char *msg) |
|
|
460 | { |
|
|
461 | bool safe = true; |
|
|
462 | |
|
|
463 | /* Trying to cheat by getting data into the object */ |
|
|
464 | if (!strncmp (msg, "endmsg", sizeof ("endmsg") - 1) |
|
|
465 | || strstr (msg, "\nendmsg")) |
|
|
466 | safe = false; |
|
|
467 | |
|
|
468 | /* Trying to make the object talk, and potentially access arbitrary code */ |
|
|
469 | if (object::msg_has_dialogue (msg)) |
|
|
470 | safe = false; |
|
|
471 | |
|
|
472 | return safe; |
|
|
473 | } |
|
|
474 | |
| 452 | ///////////////////////////////////////////////////////////////////////////// |
475 | ///////////////////////////////////////////////////////////////////////////// |
| 453 | |
476 | |
| 454 | void |
477 | void |
| 455 | fork_abort (const char *msg) |
478 | fork_abort (const char *msg) |
| 456 | { |
479 | { |
| … | |
… | |
| 559 | |
582 | |
| 560 | #endif |
583 | #endif |
| 561 | |
584 | |
| 562 | /******************************************************************************/ |
585 | /******************************************************************************/ |
| 563 | |
586 | |
|
|
587 | int |
| 564 | void assign (char *dst, const char *src, int maxlen) |
588 | assign (char *dst, const char *src, int maxsize) |
| 565 | { |
589 | { |
| 566 | if (!src) |
590 | if (!src) |
| 567 | src = ""; |
591 | src = ""; |
| 568 | |
592 | |
| 569 | int len = strlen (src); |
593 | int len = strlen (src); |
| 570 | |
594 | |
| 571 | if (len >= maxlen - 1) |
595 | if (len >= maxsize) |
| 572 | { |
596 | { |
| 573 | if (maxlen <= 4) |
597 | if (maxsize <= 4) |
| 574 | { |
598 | { |
| 575 | memset (dst, '.', maxlen - 1); |
599 | memset (dst, '.', maxsize - 2); |
| 576 | dst [maxlen - 1] = 0; |
600 | dst [maxsize - 1] = 0; |
| 577 | } |
601 | } |
| 578 | else |
602 | else |
| 579 | { |
603 | { |
| 580 | memcpy (dst, src, maxlen - 4); |
604 | memcpy (dst, src, maxsize - 4); |
| 581 | memcpy (dst + maxlen - 4, "...", 4); |
605 | memcpy (dst + maxsize - 4, "...", 4); |
| 582 | } |
606 | } |
|
|
607 | |
|
|
608 | len = maxsize; |
| 583 | } |
609 | } |
| 584 | else |
610 | else |
| 585 | memcpy (dst, src, len + 1); |
611 | memcpy (dst, src, ++len); |
|
|
612 | |
|
|
613 | return len; |
| 586 | } |
614 | } |
| 587 | |
615 | |
| 588 | const char * |
616 | const char * |
| 589 | format (const char *format, ...) |
617 | format (const char *format, ...) |
| 590 | { |
618 | { |
