[quake3] R_RemapShader buffer overflow fixed
Ludwig Nussel
ludwig.nussel at suse.de
Sat May 6 04:05:54 EDT 2006
Thilo Schulz wrote:
> I am pretty sure I have fixed the buffer overflow that this exploit here:
> http://milw0rm.com/exploits/1750
> is using. I have only tested this on an x86_64 architecture though and debugged
> a bit while connecting to an exploit-enabled server. Someone with normal i386
> may want to double check, I'm going to bed now...
Patch looks good. A small but dirty one line fix would be to just
place a hardcoded MAX_QPATH restriction in COM_StripExtension.
Fortunately R_RemapShader is in the engine so this particular
exploit can be stopped by updating the binary. However, there are
calls to COM_StripExtension in mod code too. If any of those operate
on server-supplied data we might get an unfixable security problem.
To make exploits like this one harder it's a good idea to run the
client with NX enabled btw :-)
cu
Ludwig
--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/
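
Added example, not part of the original message and not the project's patch: an unbounded strip-extension copy next to a bounded variant and the "hardcoded MAX_QPATH" wrapper suggested above. The function names, the MAX_QPATH value of 64 and the sample input are assumptions made for illustration.

```c
#include <string.h>

#define MAX_QPATH 64 /* assumed: Quake 3's maximum game path length */

/* Unbounded pattern: copies up to the first '.' with no idea how large
   'out' is. Kept only for contrast; nothing here calls it. */
void strip_extension_unbounded(const char *in, char *out) {
    while (*in && *in != '.')
        *out++ = *in++;
    *out = '\0';
}

/* Bounded variant (hypothetical name): never writes more than destsize
   bytes, always NUL-terminates, returns -1 on truncation or bad arguments. */
int strip_extension_bounded(const char *in, char *out, size_t destsize) {
    size_t i = 0;
    if (!in || !out || destsize == 0)
        return -1;
    while (in[i] && in[i] != '.') {
        if (i + 1 >= destsize) { /* no room for this byte plus the NUL */
            out[i] = '\0';
            return -1;
        }
        out[i] = in[i];
        i++;
    }
    out[i] = '\0';
    return 0;
}

/* The hardcoded-limit idea: old two-argument signature, fixed cap. Only
   safe if every caller's buffer really holds at least MAX_QPATH bytes. */
int strip_extension_qpath(const char *in, char *out) {
    return strip_extension_bounded(in, out, MAX_QPATH);
}

/* Constructed input: a 200-byte name plus extension, as untrusted data.
   Returns 1 if it was truncated to 63 bytes and the canary survived. */
int demo_oversized_name(void) {
    struct { char name[MAX_QPATH]; char canary[8]; } s;
    char longname[256];
    memset(longname, 'A', 200);
    memcpy(longname + 200, ".tga", 5);
    memcpy(s.canary, "CANARY!", 8);
    int rc = strip_extension_qpath(longname, s.name);
    return rc == -1 && strlen(s.name) == MAX_QPATH - 1
        && memcmp(s.canary, "CANARY!", 8) == 0;
}
```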