r95 - in trunk/code: cgame client game q3_ui qcommon server ui

DONOTREPLY at icculus.org DONOTREPLY at icculus.org
Mon Sep 19 13:45:29 EDT 2005


Author: tma
Date: 2005-09-19 13:45:29 -0400 (Mon, 19 Sep 2005)
New Revision: 95

Modified:
   trunk/code/cgame/cg_players.c
   trunk/code/client/cl_keys.c
   trunk/code/client/cl_main.c
   trunk/code/client/keys.h
   trunk/code/game/q_shared.c
   trunk/code/q3_ui/ui_players.c
   trunk/code/qcommon/files.c
   trunk/code/server/sv_main.c
   trunk/code/ui/ui_players.c
Log:
* Fix to multiple buffer overflow bugs in CL_Rcon_f
* Fix to COM_ParseExt 1 byte overwrite bug
* Fixed some missing calls to trap_FS_FCloseFile
* Fixed q3msgboom and q3infoboom bugs
* Fixed some qboolean type confusion
* Above fixes from http://www.quakesrc.org/forums/viewtopic.php?t=5374


Modified: trunk/code/cgame/cg_players.c
===================================================================
--- trunk/code/cgame/cg_players.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/cgame/cg_players.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -107,6 +107,7 @@
 	}
 	if ( len >= sizeof( text ) - 1 ) {
 		CG_Printf( "File %s too long\n", filename );
+		trap_FS_FCloseFile( f );
 		return qfalse;
 	}
 	trap_FS_Read( text, len, f );

Modified: trunk/code/client/cl_keys.c
===================================================================
--- trunk/code/client/cl_keys.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/client/cl_keys.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -42,7 +42,7 @@
 
 qboolean	key_overstrikeMode;
 
-qboolean	anykeydown;
+int				anykeydown;
 qkey_t		keys[MAX_KEYS];
 
 
@@ -1238,7 +1238,7 @@
 {
 	int		i;
 
-	anykeydown = qfalse;
+	anykeydown = 0;
 
 	for ( i=0 ; i < MAX_KEYS ; i++ ) {
 		if ( keys[i].down ) {
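Review bot: Nothing at the declaration says why `anykeydown` changed from `qboolean` to `int`, either in cl_keys.c or in the matching `extern` in keys.h. The reset to `0` here, just before the loop over `keys[i].down`, suggests it is a count of held keys rather than a flag, but the code that updates it is outside these hunks, so confirm that first. If it is a count, add a comment at the definition such as `// number of keys currently held down (a count, not a flag)`. It is also worth checking whether any path can decrement it below zero.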

Modified: trunk/code/client/cl_main.c
===================================================================
--- trunk/code/client/cl_main.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/client/cl_main.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -1090,6 +1090,7 @@
 	Cvar_Set( "cl_currentServerAddress", server );
 }
 
+#define MAX_RCON_MESSAGE 1024
 
 /*
 =====================
@@ -1100,7 +1101,7 @@
 =====================
 */
 void CL_Rcon_f( void ) {
-	char	message[1024];
+	char	message[MAX_RCON_MESSAGE];
 	netadr_t	to;
 
 	if ( !rcon_client_password->string ) {
@@ -1115,13 +1116,13 @@
 	message[3] = -1;
 	message[4] = 0;
 
-	strcat (message, "rcon ");
+	Q_strcat (message, MAX_RCON_MESSAGE, "rcon ");
 
-	strcat (message, rcon_client_password->string);
-	strcat (message, " ");
+	Q_strcat (message, MAX_RCON_MESSAGE, rcon_client_password->string);
+	Q_strcat (message, MAX_RCON_MESSAGE, " ");
 
 	// https://zerowing.idsoftware.com/bugzilla/show_bug.cgi?id=543
-	strcat (message, Cmd_Cmd()+5);
+	Q_strcat (message, MAX_RCON_MESSAGE, Cmd_Cmd()+5);
 
 	if ( cls.state >= CA_CONNECTED ) {
 		to = clc.netchan.remoteAddress;
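Review bot: An over-long rcon line is now cut off without notice and the shortened command is still sent, assuming `Q_strcat` truncates the way the stock q_shared.c version does. The server would then run a command the user did not type in full, so it is safer to compare the combined length of the password and `Cmd_Cmd()+5` against `MAX_RCON_MESSAGE` before building the packet and refuse with a `Com_Printf` message. `Cmd_Cmd()+5` also assumes the typed line is at least as long as `rcon `; unless an argument-count check exists outside this hunk, a bare `rcon` would read past the terminator. As a style point, `sizeof( message )` would keep the bound tied to the array instead of repeating the macro. The body of CL_Rcon_f continues outside the hunk.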

Modified: trunk/code/client/keys.h
===================================================================
--- trunk/code/client/keys.h	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/client/keys.h	2005-09-19 17:45:29 UTC (rev 95)
@@ -43,7 +43,7 @@
 
 extern	field_t	g_consoleField;
 extern	field_t	chatField;
-extern	qboolean	anykeydown;
+extern	int				anykeydown;
 extern	qboolean	chat_team;
 extern	int			chat_playerNum;
 

Modified: trunk/code/game/q_shared.c
===================================================================
--- trunk/code/game/q_shared.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/game/q_shared.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -453,7 +453,7 @@
 				*data_p = ( char * ) data;
 				return com_token;
 			}
-			if (len < MAX_TOKEN_CHARS)
+			if (len < MAX_TOKEN_CHARS - 1)
 			{
 				com_token[len] = c;
 				len++;
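Review bot: Tokens longer than the buffer are now silently truncated, both in the quoted-string branch here and in the regular-word branch in the next hunk. The third hunk also removes the block that used to discard an over-long word (`len = 0`). A truncated token is returned as if it were complete, so a caller parsing script or config text could act on a prefix of what was written. If truncation is the intended behaviour, state it in the function's header comment and consider a warning modelled on the removed one, e.g. `Com_Printf( "Token exceeded %i chars, truncated.\n", MAX_TOKEN_CHARS - 1 );`. The function starts and ends outside these hunks.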
@@ -464,7 +464,7 @@
 	// parse a regular word
 	do
 	{
-		if (len < MAX_TOKEN_CHARS)
+		if (len < MAX_TOKEN_CHARS - 1)
 		{
 			com_token[len] = c;
 			len++;
@@ -475,11 +475,6 @@
 			com_lines++;
 	} while (c>32);
 
-	if (len == MAX_TOKEN_CHARS)
-	{
-//		Com_Printf ("Token exceeded %i chars, discarded.\n", MAX_TOKEN_CHARS);
-		len = 0;
-	}
 	com_token[len] = 0;
 
 	*data_p = ( char * ) data;
@@ -1192,7 +1187,7 @@
 
 	Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
 
-	if (strlen(newi) + strlen(s) > MAX_INFO_STRING)
+	if (strlen(newi) + strlen(s) >= MAX_INFO_STRING)
 	{
 		Com_Printf ("Info string length exceeded\n");
 		return;
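Review bot: The change from `>` to `>=` is correct only if the limit is the destination buffer size including the terminator, and nothing at the comparison says so. A one-line comment would stop a later edit from reverting it, e.g. `// >= because the combined string plus its terminating NUL must fit in MAX_INFO_STRING`. The same comment applies to the `BIG_INFO_STRING` check in the next hunk. The append that this check protects is outside the hunk, so confirm that the destination really is `MAX_INFO_STRING` bytes. Rejection is also reported only through `Com_Printf`, so callers of this void function cannot tell that the key was not set.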
@@ -1240,7 +1235,7 @@
 
 	Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
 
-	if (strlen(newi) + strlen(s) > BIG_INFO_STRING)
+	if (strlen(newi) + strlen(s) >= BIG_INFO_STRING)
 	{
 		Com_Printf ("BIG Info string length exceeded\n");
 		return;

Modified: trunk/code/q3_ui/ui_players.c
===================================================================
--- trunk/code/q3_ui/ui_players.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/q3_ui/ui_players.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -943,6 +943,7 @@
 	}
 	if ( len >= ( sizeof( text ) - 1 ) ) {
 		Com_Printf( "File %s too long\n", filename );
+		trap_FS_FCloseFile( f );
 		return qfalse;
 	}
 	trap_FS_Read( text, len, f );

Modified: trunk/code/qcommon/files.c
===================================================================
--- trunk/code/qcommon/files.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/qcommon/files.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -950,11 +950,11 @@
 		}
 		
 		if (c1 != c2) {
-			return -1;		// strings not equal
+			return qtrue;		// strings not equal
 		}
 	} while (c1);
 	
-	return 0;		// strings are equal
+	return qfalse;		// strings are equal
 }
 
 /*
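Review bot: Returning `qtrue` for "strings not equal" leaves the function with an inverted-looking boolean result, and the mismatch return value changes from `-1` to `qtrue`. Any caller that tests `< 0` or `== -1` would stop matching; callers that only test for non-zero are unaffected, but they are not visible on this page and should be checked. A header comment on the function should state the contract, e.g. `// returns qtrue if the two names differ, qfalse if they match`. The function body starts outside the hunk.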

Modified: trunk/code/server/sv_main.c
===================================================================
--- trunk/code/server/sv_main.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/server/sv_main.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -172,6 +172,14 @@
 	Q_vsnprintf ((char *)message, sizeof(message), fmt,argptr);
 	va_end (argptr);
 
+	// Fix to http://aluigi.altervista.org/adv/q3msgboom-adv.txt
+	// The actual cause of the bug is probably further downstream
+	// and should maybe be addressed later, but this certainly
+	// fixes the problem for now
+	if ( strlen ((char *)message) > 1022 ) {
+		return;
+	}
+
 	if ( cl != NULL ) {
 		SV_AddServerCommand( cl, (char *)message );
 		return;
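Review bot: The new guard drops an oversized message silently and uses the bare literal `1022`. A server operator therefore gets no trace when a command is rejected, and the limit is not visibly tied to the downstream buffer it is meant to protect. Logging the drop, e.g. `Com_Printf( "server command too long (%i bytes), dropped\n", (int)strlen( (char *)message ) );`, would make attempts to trigger the q3msgboom condition visible in the server log. Replace `1022` with a named constant derived from the size of the buffer that overflows further downstream, once that buffer is identified as the added comment already suggests. The enclosing function starts and ends outside the hunk.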

Modified: trunk/code/ui/ui_players.c
===================================================================
--- trunk/code/ui/ui_players.c	2005-09-17 16:21:39 UTC (rev 94)
+++ trunk/code/ui/ui_players.c	2005-09-19 17:45:29 UTC (rev 95)
@@ -1040,6 +1040,7 @@
 	}
 	if ( len >= ( sizeof( text ) - 1 ) ) {
 		Com_Printf( "File %s too long\n", filename );
+		trap_FS_FCloseFile( f );
 		return qfalse;
 	}
 	trap_FS_Read( text, len, f );



