From e0085cc5b3988468e86f4078af5afdfa572f2a72 Mon Sep 17 00:00:00 2001
From: Jonathan Naylor <naylorjs@yahoo.com>
Date: Wed, 7 Oct 2020 11:11:06 +0100
Subject: [PATCH] Fix buffer overflows.

---
 YSFGateway/Log.cpp   | 13 +++++++------
 YSFReflector/Log.cpp | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/YSFGateway/Log.cpp b/YSFGateway/Log.cpp
index 653c3a3..1d5ad29 100644
--- a/YSFGateway/Log.cpp
+++ b/YSFGateway/Log.cpp
@@ -65,15 +65,14 @@ static bool LogOpen()
 			::fclose(m_fpLog);
 	}
 
-	char filename[100U];
+	char filename[200U];
 #if defined(_WIN32) || defined(_WIN64)
 	::sprintf(filename, "%s\\%s-%04d-%02d-%02d.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #else
 	::sprintf(filename, "%s/%s-%04d-%02d-%02d.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #endif
 
-	if ((m_fpLog = ::fopen(filename, "a+t")) != NULL)
-	{
+	if ((m_fpLog = ::fopen(filename, "a+t")) != NULL) {
 		status = true;
 
 #if !defined(_WIN32) && !defined(_WIN64)
@@ -95,6 +94,9 @@ bool LogInitialise(bool daemon, const std::string& filePath, const std::string&
 	m_displayLevel = displayLevel;
 	m_daemon       = daemon;
 
+	if (m_daemon)
+		m_displayLevel = 0U;
+
 	return ::LogOpen();
 }
 
@@ -108,7 +110,7 @@ void Log(unsigned int level, const char* fmt, ...)
 {
 	assert(fmt != NULL);
 
-	char buffer[300U];
+	char buffer[501U];
 #if defined(_WIN32) || defined(_WIN64)
 	SYSTEMTIME st;
 	::GetSystemTime(&st);
@@ -126,7 +128,7 @@ void Log(unsigned int level, const char* fmt, ...)
 	va_list vl;
 	va_start(vl, fmt);
 
-	::vsprintf(buffer + ::strlen(buffer), fmt, vl);
+	::vsnprintf(buffer + ::strlen(buffer), 500, fmt, vl);
 
 	va_end(vl);
 
@@ -149,4 +151,3 @@ void Log(unsigned int level, const char* fmt, ...)
 		exit(1);
 	}
 }
-
diff --git a/YSFReflector/Log.cpp b/YSFReflector/Log.cpp
index 653c3a3..1d5ad29 100644
--- a/YSFReflector/Log.cpp
+++ b/YSFReflector/Log.cpp
@@ -65,15 +65,14 @@ static bool LogOpen()
 			::fclose(m_fpLog);
 	}
 
-	char filename[100U];
+	char filename[200U];
 #if defined(_WIN32) || defined(_WIN64)
 	::sprintf(filename, "%s\\%s-%04d-%02d-%02d.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #else
 	::sprintf(filename, "%s/%s-%04d-%02d-%02d.log", m_filePath.c_str(), m_fileRoot.c_str(), tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday);
 #endif
 
-	if ((m_fpLog = ::fopen(filename, "a+t")) != NULL)
-	{
+	if ((m_fpLog = ::fopen(filename, "a+t")) != NULL) {
 		status = true;
 
 #if !defined(_WIN32) && !defined(_WIN64)
@@ -95,6 +94,9 @@ bool LogInitialise(bool daemon, const std::string& filePath, const std::string&
 	m_displayLevel = displayLevel;
 	m_daemon       = daemon;
 
+	if (m_daemon)
+		m_displayLevel = 0U;
+
 	return ::LogOpen();
 }
 
@@ -108,7 +110,7 @@ void Log(unsigned int level, const char* fmt, ...)
 {
 	assert(fmt != NULL);
 
-	char buffer[300U];
+	char buffer[501U];
 #if defined(_WIN32) || defined(_WIN64)
 	SYSTEMTIME st;
 	::GetSystemTime(&st);
@@ -126,7 +128,7 @@ void Log(unsigned int level, const char* fmt, ...)
 	va_list vl;
 	va_start(vl, fmt);
 
-	::vsprintf(buffer + ::strlen(buffer), fmt, vl);
+	::vsnprintf(buffer + ::strlen(buffer), 500, fmt, vl);
 
 	va_end(vl);
 
@@ -149,4 +151,3 @@ void Log(unsigned int level, const char* fmt, ...)
 		exit(1);
 	}
 }
-