Limit acl object length

Author: patrikjuvonen

Server/mods/deathmatch/logic/CAccessControlListGroup.cpp

@@ -195,30 +195,26 @@ void CAccessControlListGroup::WriteToXMLNode(CXMLNode* pNode)
         CAccessControlListGroupObject* pObject = *iter;
 
         // Find out the object type string
-        char szObjectType[255];
+        std::string strObjectType = "error";
         switch (pObject->GetObjectType())
         {
             case CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE:
-                strcpy(szObjectType, "resource");
+                strObjectType = "resource";
                 break;
 
             case CAccessControlListGroupObject::OBJECT_TYPE_USER:
-                strcpy(szObjectType, "user");
-                break;
-
-            default:
-                strcpy(szObjectType, "error");
+                strObjectType = "user";
                 break;
         }
 
         // Append a dot append the name of the node
-        strcat(szObjectType, ".");
-        strncat(szObjectType, pObject->GetObjectName(), NUMELMS(szObjectType) - 1);
+        strObjectType += ".";
+        strObjectType += pObject->GetObjectName();
 
         // Create the subnode for this object and write the name attribute we generated
         CXMLNode* pObjectNode = pSubNode->CreateSubNode("object");
         pAttribute = pObjectNode->GetAttributes().Create("name");
-        pAttribute->SetValue(szObjectType);
+        pAttribute->SetValue(strObjectType.c_str());
     }
 }
 

Server/mods/deathmatch/logic/luadefs/CLuaACLDefs.cpp

@@ -746,6 +746,9 @@ int CLuaACLDefs::aclGroupAddObject(lua_State* luaVM)
     argStream.ReadUserData(pGroup);
     argStream.ReadString(strObject);
 
+    if (strObject.length() > 255)
+        argStream.SetCustomError(SString("Object name is too long, max length 255, got %d.", strObject.length()));
+
     if (!argStream.HasErrors())
     {
         // Figure out what type of object this is