From 6119ef7ae2ac461f22d9213910f71610fb923e0c Mon Sep 17 00:00:00 2001
From: Ignacio DM <ignaciofdm@gmail.com>
Date: Mon, 26 Apr 2021 03:33:11 -0300
Subject: [PATCH] Fix CAdminData buffer overrun Adjust admin.sma array sizes
 and DB sizes

---
 amxmodx/CMisc.h   | 4 ++--
 plugins/admin.sma | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/amxmodx/CMisc.h b/amxmodx/CMisc.h
index 9de8033cbc..0a1620bf7f 100755
--- a/amxmodx/CMisc.h
+++ b/amxmodx/CMisc.h
@@ -286,7 +286,7 @@ class CAdminData
 	void SetAuthID(const cell *Input)
 	{
 		unsigned int i=0;
-		while (i<sizeof(m_AuthData)-1)
+		while (i<arraysize(m_AuthData)-1)
 		{
 			if ((m_AuthData[i++]=*Input++)==0)
 			{
@@ -305,7 +305,7 @@ class CAdminData
 	void SetPass(const cell *Input)
 	{
 		unsigned int i=0;
-		while (i<sizeof(m_Password)-1)
+		while (i<arraysize(m_Password)-1)
 		{
 			if ((m_Password[i++]=*Input++)==0)
 			{
diff --git a/plugins/admin.sma b/plugins/admin.sma
index 1021fcc78d..139fb57c01 100755
--- a/plugins/admin.sma
+++ b/plugins/admin.sma
@@ -207,10 +207,10 @@ public addadminfn(id, level, cid)
 		return PLUGIN_HANDLED
 	}
 	
-	new flags[64]
+	new flags[32]
 	read_argv(2, flags, charsmax(flags))
 
-	new password[64]
+	new password[32]
 	if (read_argc() >= 4) {
 		read_argv(3, password, charsmax(password))
 	}
@@ -444,7 +444,7 @@ public adminSql()
 
 		query = SQL_PrepareQuery(sql, "SELECT auth, password, access, flags FROM %s", table)
 	} else {
-		SQL_QueryAndIgnore(sql, "CREATE TABLE IF NOT EXISTS `%s` ( `auth` VARCHAR( 32 ) NOT NULL, `password` VARCHAR( 32 ) NOT NULL, `access` VARCHAR( 32 ) NOT NULL, `flags` VARCHAR( 32 ) NOT NULL ) COMMENT = 'AMX Mod X Admins'", table)
+		SQL_QueryAndIgnore(sql, "CREATE TABLE IF NOT EXISTS `%s` ( `auth` VARCHAR( 43 ) NOT NULL, `password` VARCHAR( 31 ) NOT NULL, `access` VARCHAR( 31 ) NOT NULL, `flags` VARCHAR( 31 ) NOT NULL ) COMMENT = 'AMX Mod X Admins'", table)
 		query = SQL_PrepareQuery(sql,"SELECT `auth`,`password`,`access`,`flags` FROM `%s`", table)
 	}
 
@@ -465,7 +465,7 @@ public adminSql()
 		new qcolFlags = SQL_FieldNameToNum(query, "flags")
 		
 		new AuthData[44];
-		new Password[44];
+		new Password[32];
 		new Access[32];
 		new Flags[32];