From f1ab7cd2082ff70081a581b1cb0272e9058b3daf Mon Sep 17 00:00:00 2001 From: Akash Mozumdar Date: Wed, 13 Feb 2019 16:45:00 -0500 Subject: [PATCH] wow, it's like every time i have a chance to allow a buffer overrun, i do so --- GUI/host/util.cpp | 8 ++++---- include/types.h | 2 +- vnrhook/main.cc | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/GUI/host/util.cpp b/GUI/host/util.cpp index 502d46f..ec142e4 100644 --- a/GUI/host/util.cpp +++ b/GUI/host/util.cpp @@ -67,7 +67,7 @@ namespace hp.codepage = Host::defaultCodepage; } - wcscpy_s(hp.text, SCode.c_str()); + wcsncpy_s(hp.text, SCode.c_str(), MAX_MODULE_SIZE - 1); return hp; } @@ -153,13 +153,13 @@ namespace if (match[2].matched) { hp.type |= MODULE_OFFSET; - wcscpy_s(hp.module, match[2].str().erase(0, 1).c_str()); + wcsncpy_s(hp.module, match[2].str().erase(0, 1).c_str(), MAX_MODULE_SIZE - 1); } if (match[3].matched) { hp.type |= FUNCTION_OFFSET; std::wstring func = match[3]; - strcpy_s(hp.function, std::string(func.begin(), func.end()).erase(0, 1).c_str()); + strncpy_s(hp.function, std::string(func.begin(), func.end()).erase(0, 1).c_str(), MAX_MODULE_SIZE - 1); } // ITH has registers offset by 4 vs AGTH: need this to correct @@ -237,7 +237,7 @@ namespace { hp.type |= MODULE_OFFSET; hp.address -= (uint64_t)info.AllocationBase; - wcscpy_s(hp.module, moduleName->c_str() + moduleName->rfind(L'\\') + 1); + wcsncpy_s(hp.module, moduleName->c_str() + moduleName->rfind(L'\\') + 1, MAX_MODULE_SIZE - 1); } HCode << "@" << hp.address; diff --git a/include/types.h b/include/types.h index f13cd6a..2bc51d1 100644 --- a/include/types.h +++ b/include/types.h @@ -103,7 +103,7 @@ struct InsertHookCmd // From host struct ConsoleOutputNotif // From hook { - ConsoleOutputNotif(std::string message = "") { strcpy_s(this->message, message.c_str()); } + ConsoleOutputNotif(std::string message = "") { strncpy_s(this->message, message.c_str(), MESSAGE_SIZE - 1); } int command = HOST_NOTIFICATION_TEXT; char message[MESSAGE_SIZE] = {}; }; diff --git a/vnrhook/main.cc b/vnrhook/main.cc index b10823d..08c38d0 100644 --- a/vnrhook/main.cc +++ b/vnrhook/main.cc @@ -162,7 +162,7 @@ void NewHook(HookParam hp, LPCSTR lpname, DWORD flag) else { if (++currentHook >= MAX_HOOK) return ConsoleOutput(TOO_MANY_HOOKS); - if (lpname && *lpname) strcpy_s(hp.name, lpname); + if (lpname && *lpname) strncpy_s(hp.name, lpname, HOOK_NAME_SIZE - 1); ConsoleOutput(INSERTING_HOOK, hp.name); RemoveHook(hp.address, 0); if (!hooks[currentHook].Insert(hp, flag)) ConsoleOutput(HOOK_FAILED);