[quake3-commits] r1750 - trunk/code/sys
DONOTREPLY at icculus.org
DONOTREPLY at icculus.org
Mon Nov 9 21:17:32 EST 2009
Author: thilo
Date: 2009-11-09 21:17:32 -0500 (Mon, 09 Nov 2009)
New Revision: 1750
Modified:
trunk/code/sys/con_tty.c
Log:
Fix possible buffer overflow in console, thanks to John Ellis for the patch.
Modified: trunk/code/sys/con_tty.c
===================================================================
--- trunk/code/sys/con_tty.c 2009-11-10 01:56:56 UTC (rev 1749)
+++ trunk/code/sys/con_tty.c 2009-11-10 02:17:32 UTC (rev 1750)
@@ -326,7 +326,7 @@
char *CON_Input( void )
{
// we use this when sending back commands
- static char text[256];
+ static char text[MAX_EDIT_LINE];
int avail;
char key;
field_t *history;
@@ -357,7 +357,7 @@
{
// push it in history
Hist_Add(&TTY_con);
- strcpy(text, TTY_con.buffer);
+ Q_strncpyz(text, TTY_con.buffer, sizeof(text));
Field_Clear(&TTY_con);
key = '\n';
size = write(1, &key, 1);
@@ -419,6 +419,8 @@
CON_FlushIn();
return NULL;
}
+ if (TTY_con.cursor >= sizeof(text) - 1)
+ return NULL;
// push regular character
TTY_con.buffer[TTY_con.cursor] = key;
TTY_con.cursor++;
More information about the quake3-commits
mailing list