From cde5fcfb9b09323c553e446988a056f7ad1cc4b0 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Tue, 13 Jan 2009 07:57:03 +0000
Subject: [PATCH] fix overflow in CG_ParseTeamInfo based on patch for Tremulous, thanks to Roman Tetelman
---
 code/cgame/cg_servercmds.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/code/cgame/cg_servercmds.c b/code/cgame/cg_servercmds.c
index 185a068f..7761646e 100644
--- a/code/cgame/cg_servercmds.c
+++ b/code/cgame/cg_servercmds.c
@@ -118,9 +118,20 @@ static void CG_ParseTeamInfo( void ) {
 int client;
 numSortedTeamPlayers = atoi( CG_Argv( 1 ) );
+ if( numSortedTeamPlayers < 0 || numSortedTeamPlayers > TEAM_MAXOVERLAY )
+ {
+ CG_Error( "CG_ParseTeamInfo: numSortedTeamPlayers out of range (%d)",
+ numSortedTeamPlayers );
+ return;
+ }
 for ( i = 0 ; i < numSortedTeamPlayers ; i++ ) {
 client = atoi( CG_Argv( i * 6 + 2 ) );
+ if( client < 0 || client >= MAX_CLIENTS )
+ {
+ CG_Error( "CG_ParseTeamInfo: bad client number: %d", client );
+ return;
+ }
 sortedTeamPlayers[i] = client;
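Review bot: The count is stored into `numSortedTeamPlayers` before it is range-checked, so on the error path the out-of-range value stays in that variable; it is not declared in the visible lines and looks like state shared with other code, which could still read the bad count if `CG_Error` returns. Parse into a local and commit only after the check, e.g. `count = atoi( CG_Argv( 1 ) );`, the range test on `count`, then `numSortedTeamPlayers = count;`. The `client` check inside the loop has the same shape: on failure the entries already written stay in `sortedTeamPlayers` while the count still covers the whole list. A short comment would also help, stating that both values come from a server command and that `TEAM_MAXOVERLAY` is assumed to be the element count of `sortedTeamPlayers`, whose declaration is not shown here. The loop body continues outside the hunk.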