[quake3-commits] r1838 - in trunk/code: game qcommon
DONOTREPLY at icculus.org
DONOTREPLY at icculus.org
Wed Feb 2 21:54:36 EST 2011
Author: thilo
Date: 2011-02-02 21:54:36 -0500 (Wed, 02 Feb 2011)
New Revision: 1838
Modified:
trunk/code/game/g_svcmds.c
trunk/code/qcommon/cmd.c
Log:
- Fix bug #4769 remote server crash
- Fix potential 1-byte-buffer overflow in gamecode
Modified: trunk/code/game/g_svcmds.c
===================================================================
--- trunk/code/game/g_svcmds.c 2011-02-02 23:57:22 UTC (rev 1837)
+++ trunk/code/game/g_svcmds.c 2011-02-03 02:54:36 UTC (rev 1838)
@@ -155,7 +155,7 @@
Q_strcat(ip, sizeof(ip), va("%i", b[j]));
Q_strcat(ip, sizeof(ip), (j<3) ? "." : " ");
}
- if (strlen(iplist_final)+strlen(ip) < MAX_CVAR_VALUE_STRING)
+ if (strlen(iplist_final)+strlen(ip) < MAX_CVAR_VALUE_STRING - 1)
{
Q_strcat( iplist_final, sizeof(iplist_final), ip);
}
Modified: trunk/code/qcommon/cmd.c
===================================================================
--- trunk/code/qcommon/cmd.c 2011-02-02 23:57:22 UTC (rev 1837)
+++ trunk/code/qcommon/cmd.c 2011-02-03 02:54:36 UTC (rev 1838)
@@ -435,11 +435,20 @@
Replace command separators with space to prevent interpretation
This is a hack to protect buggy qvms
https://bugzilla.icculus.org/show_bug.cgi?id=3593
+ https://bugzilla.icculus.org/show_bug.cgi?id=4769
*/
-void Cmd_Args_Sanitize( void ) {
+
+void Cmd_Args_Sanitize(void)
+{
int i;
- for ( i = 1 ; i < cmd_argc ; i++ ) {
- char* c = cmd_argv[i];
+
+ for(i = 1; i < cmd_argc; i++)
+ {
+ char *c = cmd_argv[i];
+
+ if(strlen(c) > MAX_CVAR_VALUE_STRING - 1)
+ c[MAX_CVAR_VALUE_STRING - 1] = '\0';
+
while ((c = strpbrk(c, "\n\r;"))) {
*c = ' ';
++c;
More information about the quake3-commits
mailing list