blendo/thirtyflightsofloving
0
0
Fork 0
mirror of https://github.com/blendogames/thirtyflightsofloving.git synced 2024-11-14 08:31:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fixed writes to CS_GENERAL configstrings overwriting all following configstrings.

Browse source
This commit is contained in:
Knightmare66 2020-08-19 03:52:02 -04:00
parent f4a9eff8d3
commit 87e25e6e21
2 changed files with 5 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
client/cl_parse.c
View file

@ -499,16 +499,17 @@ void CL_ParseConfigString (void)
strncpy (cl.configstrings[i], s, (sizeof(cl.configstrings[i]) * (CS_AIRACCEL - i))-1 );
cl.configstrings[CS_AIRACCEL-1][MAX_QPATH-1] = 0; // null terminate end of section
}
else if ( LegacyProtocol() && (i >= OLD_CS_GENERAL && i < OLD_MAX_CONFIGSTRINGS) ) { // allow writes to general strings to overflow
// Removed these because strncpy() overwrites destination with trailing zeroes until count is reached
/* else if ( LegacyProtocol() && (i >= OLD_CS_GENERAL && i < OLD_MAX_CONFIGSTRINGS) ) { // allow writes to general strings to overflow
strncpy (cl.configstrings[i], s, (sizeof(cl.configstrings[i]) * (OLD_MAX_CONFIGSTRINGS - i))-1 );
cl.configstrings[OLD_MAX_CONFIGSTRINGS-1][MAX_QPATH-1] = 0; // null terminate end of section
Com_Printf("CL_ParseConfigString: CS_GENERAL %i: '%s', maxlen=%i\n", i, s, (sizeof(cl.configstrings[i]) * (OLD_MAX_CONFIGSTRINGS - i))-1); // FIXME: remove this!
// Com_Printf("CL_ParseConfigString: CS_GENERAL %i: '%s', maxlen=%i\n", i, s, (sizeof(cl.configstrings[i]) * (OLD_MAX_CONFIGSTRINGS - i))-1);
}
else if ( !LegacyProtocol() && (i >= CS_GENERAL && i < CS_PAKFILE) ) { // allow writes to general strings to overflow
strncpy (cl.configstrings[i], s, (sizeof(cl.configstrings[i]) * (CS_PAKFILE - i))-1 );
cl.configstrings[CS_PAKFILE-1][MAX_QPATH-1] = 0; // null terminate end of section
Com_Printf("CL_ParseConfigString: CS_GENERAL %i: '%s', maxlen=%i\n", i, s, (sizeof(cl.configstrings[i]) * (CS_PAKFILE - i))-1); // FIXME: remove this!
}
// Com_Printf("CL_ParseConfigString: CS_GENERAL %i: '%s', maxlen=%i\n", i, s, (sizeof(cl.configstrings[i]) * (CS_PAKFILE - i))-1);
}*/
else {
if (length >= MAX_QPATH)
Com_Printf(S_COLOR_YELLOW"CL_ParseConfigString: string %d of length %d exceeds MAX_QPATH.\n", i, (int)length);

8
client/cl_screen.c
View file

@ -1237,14 +1237,6 @@ void SCR_DumpStatusLayout_f (void)
bufcount += (int)strlen(formatLine);
for (i = cs_general; i < (cs_general + MAX_GENERAL); i++)
{
/* memset(rawLine, 0, sizeof(rawLine));
for (j=0; j<MAX_QPATH; j++) {
rawLine[j] = cl.configstrings[i][j];
if (rawLine[j] == '\0') rawLine[j] = ' ';
if (rawLine[j] == '\t') rawLine[j] = ' ';
}
rawLine[MAX_QPATH] = ' ';
Com_sprintf(formatLine, sizeof(formatLine), "%i: %s\n", i, rawLine);*/
Com_sprintf(formatLine, sizeof(formatLine), "%i: %s\n", i, cl.configstrings[i]);
// prevent overflow of buffer
if ( (bufcount + strlen(formatLine)) >= sizeof(buffer) ) {