From f5e11d4870ce9533a50486553515d90cbd3651c9 Mon Sep 17 00:00:00 2001
From: "Guilherme G. Menaldo" <guilherme.menaldo@outlook.com>
Date: Sun, 22 Sep 2024 13:10:21 -0300
Subject: [PATCH] Validate length of configuration names from add*Conf HPM
 commands

Providing a too long name/path would silently fail otherwise.
---
 src/common/HPM.c  | 5 +++++
 src/common/HPMi.h | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/src/common/HPM.c b/src/common/HPM.c
index 9608eec218e..4aa80c0ec38 100644
--- a/src/common/HPM.c
+++ b/src/common/HPM.c
@@ -451,6 +451,11 @@ static bool hplugins_addconf(unsigned int pluginID, enum HPluginConfType type, c
 		return false;
 	}
 
+	if (strnlen(name, HPM_ADDCONF_LENGTH) >= HPM_ADDCONF_LENGTH) {
+		ShowError("HPM->addConf:%s: config '%s' name/path is too long. Maximum is %d characters (see #define HPM_ADDCONF_LENGTH). Skipping it.\n", HPM->pid2name(pluginID), name, HPM_ADDCONF_LENGTH - 1);
+		return false;
+	}
+
 	ARR_FIND(0, VECTOR_LENGTH(HPM->config_listeners[type]), i, strcmpi(name, VECTOR_INDEX(HPM->config_listeners[type], i).key) == 0);
 	if (i != VECTOR_LENGTH(HPM->config_listeners[type])) {
 		ShowError("HPM->addConf:%s: duplicate '%s', already in use by '%s'!",
diff --git a/src/common/HPMi.h b/src/common/HPMi.h
index d7083bbf8ff..a44984495f2 100644
--- a/src/common/HPMi.h
+++ b/src/common/HPMi.h
@@ -35,6 +35,8 @@ struct map_session_data;
 struct hplugin_data_store;
 
 #define HPM_VERSION "1.2"
+
+// Maximum length of the configuration path for configs added with add*Conf
 #define HPM_ADDCONF_LENGTH 40
 
 struct hplugin_info {