sscanf warning: String buffer overflow

sscanf warning: String buffer overflow - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: sscanf warning: String buffer overflow (/showthread.php?tid=552407)

sscanf warning: String buffer overflow - HighFlyer - 24.12.2014

I've read that this warning refers to the string being too large, or too short, but I am not sure what the issue is in this case. Basically, I have a login system where it checks the user against the DB for his MD5 password. However, as soon as I type in the password into DIALOG_LOGIN, the server closes the connection.

mysql debug:

Код:

[03:15:33] >> mysql_real_escape_string( Connection handle: 1 )

[03:15:33] CMySQLHandler::EscapeString([SATC]HighFlyer); - Escaped 15 characters to [SATC]HighFlyer.

[03:15:33] >> mysql_query( Connection handle: 1 )

[03:15:33] CMySQLHandler::Query(SELECT * FROM `Accounts` WHERE `Username` = '[SATC]HighFlyer' AND `Password` = md5('testing')) - Successfully executed.

[03:15:33] >> mysql_store_result( Connection handle: 1 )

[03:15:33] CMySQLHandler::StoreResult() - Result was stored.

[03:15:33] >> mysql_num_rows( Connection handle: 1 )

[03:15:33] CMySQLHandler::NumRows() - Returned 1 row(s)

[03:15:33] >> mysql_fetch_row_format( Connection handle: 1 )

[03:15:33] CMySQLHandler::FetchRow() - Return: [SATC]HighFlyer|ae2b1fca515949e5d54fb22b8ed95575|127.0.0.1|23/5/1977|Vice City|312423|214748|14|5|0|0|0|3||236|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|||0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0

[03:15:33] ---------------------------

[03:15:33] MySQL Debugging de-activated

[03:15:33] ---------------------------

Console points towards sscanf buffer overflow the moment I'm kicked:

Код:

[03:15:30] Incoming connection: 127.0.0.1:50277
[03:15:30] [join] [SATC]HighFlyer has joined the server (0:127.0.0.1)
[03:15:33] sscanf warning: String buffer overflow.
[03:15:33] [part] [SATC]HighFlyer has left the server (0:2)

This is the code for the DIALOG_LOGIN:

Код:

case DIALOG_LOGIN:
		{
		    if(!response) // Cancel
		    {
				Kick(playerid);
				return 1;
			}

			if(!inputtext[0])
			{
			    SendClientMessage(playerid, RED, "Error: Please enter a password.");
				Dialog_Login(playerid);
				return 1;
			}

			new esc_password[MAX_PASSWORD_LEN], query[512];
			format(esc_password, sizeof(esc_password), "%s", inputtext);

			mysql_debug(1);
			format(query, sizeof(query), "SELECT * FROM `Accounts` WHERE `Username` = '%s' AND `Password` = md5('%s')", GetPlayerEscapedName(playerid), esc_password);
			mysql_query(query);
			mysql_store_result();

			if(mysql_num_rows() != 0) // Password is correct
			{
			    new result[1024];
				mysql_fetch_row_format(result);

			    if(sscanf(result, MYSQL_PLAYER_LOAD_FORMAT, Player[playerid]))
			    {
			        WipeChat(playerid);

			        SendClientMessage(playerid, WHITE, "There was an error with the format of your account data.");
			        SendClientMessage(playerid, WHITE, "Please take a screenshot, if you know how, and post it as a bug report.");
					SendClientMessage(playerid, WHITE, "Forums: "FORUMS"");

					Kick(playerid);
					mysql_debug(0);
					return 1;
				}

				OnPlayerLogin(playerid);
			}
			
			else
			{
    			Player[playerid][LoginAttempts]++;

				format(str, sizeof(str), "Error: Invalid password (%d/%d)", Player[playerid][LoginAttempts], MAX_LOGIN_ATTEMPTS);
				SendClientMessage(playerid, RED, str);

				if(Player[playerid][LoginAttempts] >= MAX_LOGIN_ATTEMPTS) // He has tried to login MAX_LOGIN_ATTEMPTS times (or more if that was to somehow happen..)
				{
					SendClientMessage(playerid, RED, "Error: Too many login attempts, you have been kicked.");

					Player[playerid][LoginAttempts] = 0;
					Kick(playerid);
					return 1;
				}

				Dialog_Login(playerid);
			}

			mysql_free_result();
		}

And some defines for the code above:

Код:

#define MAX_PASSWORD_LEN        (32)
#define MYSQL_PLAYER_LOAD_FORMAT "e<p<|>s[24]s[32]s[16]s[16]s[24]dddddddds[12]dddddddddddddddds[128]s[24]dds[24]ddddddddddddddddddddddddddddddddddddddddddddddddddddddffddddddddd>"

"Password" field in DB is set as char(32).

Re: sscanf warning: String buffer overflow - semara123 - 24.12.2014

i think the problem is in converting MD5 password in to text password so it made unhandled exception in the mysql then try to recheck ur database and check the define like :

#define ur mysql user
#define ur mysql pass

hope this help if not i'm sorry if i cant help u

Re: sscanf warning: String buffer overflow - HighFlyer - 24.12.2014

Quote:

Originally Posted by semara123

i think the problem is in converting MD5 password in to text password so it made unhandled exception in the mysql then try to recheck ur database and check the define like :

#define ur mysql user
#define ur mysql pass

hope this help if not i'm sorry if i cant help u

I think it's fine, otherwise it wouldn't be saving anything back into the database. I can register an account, but I can't login.

Quote:

Originally Posted by ******

https://github.com/Y-Less/sscanf/wik...uffer_overflow

Thanks, I guess I'm putting too much data into the string but how should I set up the password field in the DB? it's char(32), as I figure that MD5 always has 32 characters; but that doesn't work. VARCHAR doesn't work either.

Quote:

MD5 generates a 128-bit hash value. You can use CHAR(32) or BINARY(16)

Re: sscanf warning: String buffer overflow - HighFlyer - 25.12.2014

I've ignored this warning, but it seems to be falling on one of the lines inside DIALOG_LOGIN case of the dialog. Perhaps this could be why? How can I solve this?

Код:

C:\Users\Kamil\Desktop\SATC\gamemodes\satc.pwn(11512) : warning 202: number of arguments does not match definition
Pawn compiler 3.2.3664	 	 	Copyright © 1997-2006, ITB CompuPhase


1 Warning.

Line 11512 is:

Код:

OnPlayerLogin(playerid);