Fixed possible string out of bounds in configurations (#3631)

Added safestrncpy to char's inter configurations
Added safestrncpy to map's inter configurations
Added safestrncpy to message configurations
Adjusted some char configurations
Cleaned up logging configurations

Fixes #3624 

Thanks to @mrjnumber1

conf/char_athena.conf

@@ -85,7 +85,7 @@ char_maintenance: 0
 
 // Enable or disable creation of new characters.
 // Now it is actually supported [Kevin]
-char_new: 1
+char_new: yes
 
 // Display (New) in the server list.
 char_new_display: 0
@@ -141,7 +141,7 @@ guild_exp_rate: 100
 unknown_char_name: Unknown
 
 // To log the character server?
-log_char: 1
+log_char: yes
 
 // Allow or not identical name for characters but with a different case (upper/lower):
 // example: Test-test-TEST-TesT; Value: 0 not allowed (default), 1 allowed

conf/log_athena.conf

@@ -37,7 +37,7 @@
 // Please note that moving items from inventory to cart and back is not logged by design.
 enable_logs: 0xFFFFFF
 
-// Use MySQL Logs? [SQL Version Only] (Note 1)
+// Use MySQL Logs? (Note 1)
 sql_logs: yes
 
 // LOGGING FILTERS
@@ -86,10 +86,8 @@ log_branch: no
 // 0 - don't log; 1 - log any zeny changes; 2.....1000000 - minimal absolute logging zeny value
 log_zeny: 0
 
-// Track Cash Changes
-// 0 - don't log
-// 1 - log any changes
-log_cash: 1
+// Track Cash Changes (Note 1)
+log_cash: yes
 
 // Log MVP Monster Drops (Note 1)
 // Outdated. Use Pick_Log instead. But this log could be useful to keep track slayed MVPs

src/char/char.cpp

@@ -2951,7 +2951,7 @@ bool char_config_read(const char* cfgName, bool normal){
 		} else if (strcmpi(w1, "char_maintenance") == 0) {
 			charserv_config.char_maintenance = atoi(w2);
 		} else if (strcmpi(w1, "char_new") == 0) {
-			charserv_config.char_new = (bool)atoi(w2);
+			charserv_config.char_new = (bool)config_switch(w2);
 		} else if (strcmpi(w1, "char_new_display") == 0) {
 			charserv_config.char_new_display = atoi(w2);
 		} else if (strcmpi(w1, "max_connect_user") == 0) {
@@ -2987,7 +2987,7 @@ bool char_config_read(const char* cfgName, bool normal){
 			char_config_split_startitem(w1, w2, charserv_config.start_items_doram);
 #endif
 		} else if(strcmpi(w1,"log_char")==0) {		//log char or not [devil]
-			charserv_config.log_char = atoi(w2);
+			charserv_config.log_char = config_switch(w2);
 		} else if (strcmpi(w1, "unknown_char_name") == 0) {
 			safestrncpy(charserv_config.char_config.unknown_char_name, w2, sizeof(charserv_config.char_config.unknown_char_name));
 			charserv_config.char_config.unknown_char_name[NAME_LENGTH-1] = '\0';

src/char/inter.cpp

@@ -803,17 +803,17 @@ int inter_config_read(const char* cfgName)
 			continue;
 
 		if(!strcmpi(w1,"char_server_ip"))
-			strcpy(char_server_ip,w2);
+			safestrncpy(char_server_ip,w2,sizeof(char_server_ip));
 		else if(!strcmpi(w1,"char_server_port"))
 			char_server_port = atoi(w2);
 		else if(!strcmpi(w1,"char_server_id"))
-			strcpy(char_server_id,w2);
+			safestrncpy(char_server_id,w2,sizeof(char_server_id));
 		else if(!strcmpi(w1,"char_server_pw"))
-			strcpy(char_server_pw,w2);
+			safestrncpy(char_server_pw,w2,sizeof(char_server_pw));
 		else if(!strcmpi(w1,"char_server_db"))
-			strcpy(char_server_db,w2);
+			safestrncpy(char_server_db,w2,sizeof(char_server_db));
 		else if(!strcmpi(w1,"default_codepage"))
-			strcpy(default_codepage,w2);
+			safestrncpy(default_codepage,w2,sizeof(default_codepage));
 		else if(!strcmpi(w1,"party_share_level"))
 			party_share_level = (unsigned int)atof(w2);
 		else if(!strcmpi(w1,"log_inter"))

src/common/msg_conf.cpp

@@ -9,6 +9,7 @@
 
 #include "malloc.hpp"
 #include "showmsg.hpp"
+#include "strlib.hpp"
 
 /*
  * Return the message string of the specified number by [Yor]
@@ -56,8 +57,9 @@ int _msg_config_read(const char* cfgName,int size, char ** msg_table)
 			if (msg_number >= 0 && msg_number < size) {
 				if (msg_table[msg_number] != NULL)
 					aFree(msg_table[msg_number]);
-				msg_table[msg_number] = (char *) aMalloc((strlen(w2) + 1) * sizeof (char));
-				strcpy(msg_table[msg_number], w2);
+				size_t len = strnlen(w2,sizeof(w2));
+				msg_table[msg_number] = (char *) aMalloc(len * sizeof (char));
+				safestrncpy(msg_table[msg_number], w2, len);
 				msg_count++;
 			}
 			else

src/map/chrif.cpp

@@ -236,12 +236,12 @@ bool chrif_auth_finished(struct map_session_data* sd) {
 }
 // sets char-server's user id
 void chrif_setuserid(char *id) {
-	memcpy(userid, id, NAME_LENGTH);
+	safestrncpy(userid, id, NAME_LENGTH);
 }
 
 // sets char-server's password
 void chrif_setpasswd(char *pwd) {
-	memcpy(passwd, pwd, NAME_LENGTH);
+	safestrncpy(passwd, pwd, NAME_LENGTH);
 }
 
 // security check, prints warning if using default password

src/map/map.cpp

@@ -3998,13 +3998,13 @@ int map_config_read(const char *cfgName)
 		} else if (strcmpi(w1, "save_settings") == 0)
 			save_settings = cap_value(atoi(w2),CHARSAVE_NONE,CHARSAVE_ALL);
 		else if (strcmpi(w1, "motd_txt") == 0)
-			strcpy(motd_txt, w2);
+			safestrncpy(motd_txt, w2, sizeof(motd_txt));
 		else if (strcmpi(w1, "help_txt") == 0)
-			strcpy(help_txt, w2);
+			safestrncpy(help_txt, w2, sizeof(help_txt));
 		else if (strcmpi(w1, "help2_txt") == 0)
-			strcpy(help2_txt, w2);
+			safestrncpy(help2_txt, w2, sizeof(help2_txt));
 		else if (strcmpi(w1, "charhelp_txt") == 0)
-			strcpy(charhelp_txt, w2);
+			safestrncpy(charhelp_txt, w2, sizeof(charhelp_txt));
 		else if (strcmpi(w1, "channel_conf") == 0)
 			safestrncpy(channel_conf, w2, sizeof(channel_conf));
 		else if(strcmpi(w1,"db_path") == 0)
@@ -4115,75 +4115,75 @@ int inter_config_read(const char *cfgName)
 #undef RENEWALPREFIX
 
 		if( strcmpi( w1, "buyingstore_db" ) == 0 )
-			strcpy( buyingstores_table, w2 );
+			safestrncpy( buyingstores_table, w2, sizeof(buyingstores_table) );
 		else if( strcmpi( w1, "buyingstore_items_table" ) == 0 )
-			strcpy( buyingstore_items_table, w2 );
+			safestrncpy( buyingstore_items_table, w2, sizeof(buyingstore_items_table) );
 		else if(strcmpi(w1,"item_table")==0)
-			strcpy(item_table,w2);
+			safestrncpy(item_table,w2,sizeof(item_table));
 		else if(strcmpi(w1,"item2_table")==0)
-			strcpy(item2_table,w2);
+			safestrncpy(item2_table,w2,sizeof(item2_table));
 		else if(strcmpi(w1,"mob_table")==0)
-			strcpy(mob_table,w2);
+			safestrncpy(mob_table,w2,sizeof(mob_table));
 		else if(strcmpi(w1,"mob2_table")==0)
-			strcpy(mob2_table,w2);
+			safestrncpy(mob2_table,w2,sizeof(mob2_table));
 		else if(strcmpi(w1,"mob_skill_table")==0)
-			strcpy(mob_skill_table,w2);
+			safestrncpy(mob_skill_table,w2,sizeof(mob_skill_table));
 		else if(strcmpi(w1,"mob_skill2_table")==0)
-			strcpy(mob_skill2_table,w2);
+			safestrncpy(mob_skill2_table,w2,sizeof(mob_skill2_table));
 		else if( strcmpi( w1, "item_cash_table" ) == 0 )
-			strcpy( item_cash_table, w2 );
+			safestrncpy( item_cash_table, w2, sizeof(item_cash_table) );
 		else if( strcmpi( w1, "item_cash2_table" ) == 0 )
-			strcpy( item_cash2_table, w2 );
+			safestrncpy( item_cash2_table, w2, sizeof(item_cash2_table) );
 		else if( strcmpi( w1, "vending_db" ) == 0 )
-			strcpy( vendings_table, w2 );
+			safestrncpy( vendings_table, w2, sizeof(vendings_table) );
 		else if( strcmpi( w1, "vending_items_table" ) == 0 )
-			strcpy(vending_items_table, w2);
+			safestrncpy(vending_items_table, w2, sizeof(vending_items_table));
 		else if( strcmpi(w1, "roulette_table") == 0)
-			strcpy(roulette_table, w2);
+			safestrncpy(roulette_table, w2, sizeof(roulette_table));
 		else if (strcmpi(w1, "market_table") == 0)
-			strcpy(market_table, w2);
+			safestrncpy(market_table, w2, sizeof(market_table));
 		else if (strcmpi(w1, "sales_table") == 0)
-			strcpy(sales_table, w2);
+			safestrncpy(sales_table, w2, sizeof(sales_table));
 		else if (strcmpi(w1, "guild_storage_log") == 0)
-			strcpy(guild_storage_log_table, w2);
+			safestrncpy(guild_storage_log_table, w2, sizeof(guild_storage_log_table));
 		else
 		//Map Server SQL DB
 		if(strcmpi(w1,"map_server_ip")==0)
-			strcpy(map_server_ip, w2);
+			safestrncpy(map_server_ip, w2, sizeof(map_server_ip));
 		else
 		if(strcmpi(w1,"map_server_port")==0)
 			map_server_port=atoi(w2);
 		else
 		if(strcmpi(w1,"map_server_id")==0)
-			strcpy(map_server_id, w2);
+			safestrncpy(map_server_id, w2, sizeof(map_server_id));
 		else
 		if(strcmpi(w1,"map_server_pw")==0)
-			strcpy(map_server_pw, w2);
+			safestrncpy(map_server_pw, w2, sizeof(map_server_pw));
 		else
 		if(strcmpi(w1,"map_server_db")==0)
-			strcpy(map_server_db, w2);
+			safestrncpy(map_server_db, w2, sizeof(map_server_db));
 		else
 		if(strcmpi(w1,"default_codepage")==0)
-			strcpy(default_codepage, w2);
+			safestrncpy(default_codepage, w2, sizeof(default_codepage));
 		else
 		if(strcmpi(w1,"use_sql_db")==0) {
 			db_use_sqldbs = config_switch(w2);
 			ShowStatus ("Using SQL dbs: %s\n",w2);
 		} else
 		if(strcmpi(w1,"log_db_ip")==0)
-			strcpy(log_db_ip, w2);
+			safestrncpy(log_db_ip, w2, sizeof(log_db_ip));
 		else
 		if(strcmpi(w1,"log_db_id")==0)
-			strcpy(log_db_id, w2);
+			safestrncpy(log_db_id, w2, sizeof(log_db_id));
 		else
 		if(strcmpi(w1,"log_db_pw")==0)
-			strcpy(log_db_pw, w2);
+			safestrncpy(log_db_pw, w2, sizeof(log_db_pw));
 		else
 		if(strcmpi(w1,"log_db_port")==0)
 			log_db_port = atoi(w2);
 		else
 		if(strcmpi(w1,"log_db_db")==0)
-			strcpy(log_db_db, w2);
+			safestrncpy(log_db_db, w2, sizeof(log_db_db));
 		else
 		if( mapreg_config_read(w1,w2) )
 			continue;