From 323f5ea92efc9857570cbd5e9dcd9cbdb2f4e07a Mon Sep 17 00:00:00 2001 From: "Michael Cook (mackal)" Date: Fri, 19 Mar 2021 00:43:13 -0400 Subject: [PATCH] [Bug Fix] Add Bounds Checking to OP_LFGCommand Comment Processing Theoretically this could be used to corrupt memory, but they would have to get extremely lucky to actually execute a successful attack --- zone/client_packet.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zone/client_packet.cpp b/zone/client_packet.cpp index f4c7f1809..d6ef48140 100644 --- a/zone/client_packet.cpp +++ b/zone/client_packet.cpp @@ -9190,7 +9190,7 @@ void Client::Handle_OP_LFGCommand(const EQApplicationPacket *app) LFGFromLevel = lfg->FromLevel; LFGToLevel = lfg->ToLevel; LFGMatchFilter = lfg->MatchFilter; - strcpy(LFGComments, lfg->Comments); + strn0cpy(LFGComments, lfg->Comments, sizeof(LFGComments)); break; default: Message(0, "Error: unknown LFG value %i", lfg->value);