[iortcw] 346/497: All: Fix buffer overflow in CL_CheckForResend
Simon McVittie
smcv at debian.org
Fri Sep 8 10:37:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to annotated tag 1.42d
in repository iortcw.
commit 2116392b158b2c38b5e9a7626b9ee5e12bbcfd29
Author: Donny <M4N4T4RMS at gmail.com>
Date: Fri Jun 19 06:06:12 2015 -0400
All: Fix buffer overflow in CL_CheckForResend
---
MP/code/client/cl_main.c | 19 ++++---------------
SP/code/client/cl_main.c | 19 ++++---------------
2 files changed, 8 insertions(+), 30 deletions(-)
diff --git a/MP/code/client/cl_main.c b/MP/code/client/cl_main.c
index e6410bf..283176e 100644
--- a/MP/code/client/cl_main.c
+++ b/MP/code/client/cl_main.c
@@ -2479,9 +2479,9 @@ Resend a connect message if the last one has timed out
=================
*/
void CL_CheckForResend( void ) {
- int port, i;
+ int port;
char info[MAX_INFO_STRING];
- char data[MAX_INFO_STRING];
+ char data[MAX_INFO_STRING + 10];
// don't send anything if playing back a demo
if ( clc.demoplaying ) {
@@ -2535,19 +2535,8 @@ void CL_CheckForResend( void ) {
Info_SetValueForKey( info, "qport", va("%i", port ) );
Info_SetValueForKey( info, "challenge", va("%i", clc.challenge ) );
- strcpy(data, "connect ");
- // TTimo adding " " around the userinfo string to avoid truncated userinfo on the server
- // (Com_TokenizeString tokenizes around spaces)
- data[8] = '"';
-
- for(i=0;i<strlen(info);i++) {
- data[9+i] = info[i]; // + (clc.challenge)&0x3;
- }
- data[9+i] = '"';
- data[10+i] = 0;
-
- // NOTE TTimo don't forget to set the right data length!
- NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) &data[0], i+10 );
+ Com_sprintf( data, sizeof(data), "connect \"%s\"", info );
+ NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) data, strlen ( data ) );
// the most current userinfo has been sent, so watch for any
// newer changes to userinfo variables
cvar_modifiedFlags &= ~CVAR_USERINFO;
diff --git a/SP/code/client/cl_main.c b/SP/code/client/cl_main.c
index 40b9941..ca5671f 100644
--- a/SP/code/client/cl_main.c
+++ b/SP/code/client/cl_main.c
@@ -2336,9 +2336,9 @@ Resend a connect message if the last one has timed out
=================
*/
void CL_CheckForResend( void ) {
- int port, i;
+ int port;
char info[MAX_INFO_STRING];
- char data[MAX_INFO_STRING];
+ char data[MAX_INFO_STRING + 10];
// don't send anything if playing back a demo
if ( clc.demoplaying ) {
@@ -2391,19 +2391,8 @@ void CL_CheckForResend( void ) {
Info_SetValueForKey( info, "qport", va( "%i", port ) );
Info_SetValueForKey( info, "challenge", va( "%i", clc.challenge ) );
- strcpy(data, "connect ");
- // TTimo adding " " around the userinfo string to avoid truncated userinfo on the server
- // (Com_TokenizeString tokenizes around spaces)
- data[8] = '"';
-
- for(i=0;i<strlen(info);i++) {
- data[9+i] = info[i]; // + (clc.challenge)&0x3;
- }
- data[9+i] = '"';
- data[10+i] = 0;
-
- // NOTE TTimo don't forget to set the right data length!
- NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) &data[0], i+10 );
+ Com_sprintf( data, sizeof(data), "connect \"%s\"", info );
+ NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) data, strlen ( data ) );
// the most current userinfo has been sent, so watch for any
// newer changes to userinfo variables
cvar_modifiedFlags &= ~CVAR_USERINFO;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/iortcw.git
More information about the Pkg-games-commits
mailing list