[quake3-bugzilla] [Bug 5452] New: SV_ExecuteClientCommand() assumes the str length

bugzilla-daemon at icculus.org bugzilla-daemon at icculus.org
Fri Mar 23 14:53:37 EDT 2012


           Summary: SV_ExecuteClientCommand() assumes the str length
           Product: ioquake3
           Version: SVN HEAD
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: minor
          Priority: P3
         Component: Misc
        AssignedTo: zakk at icculus.org
        ReportedBy: lrq3000 at gmail.com
         QAContact: quake3-bugzilla at icculus.org

There is a potential bug that may crash the server in sv_client.c
SV_ExecuteClientCommand() function:

if(strcmp(Cmd_Argv(0), "say") && strcmp(Cmd_Argv(0), "say_team") )
                Cmd_Args_Sanitize(); //remove \n, \r and ; from string. We
don't do that for say-commands because it makes people mad (understandebly)
            VM_Call( gvm, GAME_CLIENT_COMMAND, cl - svs.clients );

The strcmp assumes the client command is at least 3 characters, but if it's
below, it may crash the server. This should be converted to a Q_stricmp or a

Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the quake3-bugzilla mailing list