ioquake/jedi-academy
0
0
Fork 0
mirror of https://github.com/ioquake/jedi-academy.git synced 2024-11-22 04:11:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

CVE-2006-3401 Stack-based buffer overflow in CS_ITEMS

Browse source 
CVE-2006-3401
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena
1.32b and 1.32c allows remote attackers to cause a denial of service and
possibly execute code via long CS_ITEMS values.

from Thilo Schulz in ioquake3
svn 813 git fc244c97ef1a5f1c6e7c1f46a098c8f57f271153

Fix critical buffer overflow in cgame, see exploit at
http://www.milw0rm.com/exploits/1977
This commit is contained in:
Jonathan Gray 2013-05-07 16:06:57 +10:00
parent ac9e5f1f79
commit 6e05e1552e
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
codemp/cgame/cg_main.c
View file

@ -1767,7 +1767,7 @@ static void CG_RegisterSounds( void ) {
} }
// only register the items that the server says we need // only register the items that the server says we need
strcpy( items, CG_ConfigString( CS_ITEMS ) ); Q_strncpyz(items, CG_ConfigString(CS_ITEMS), sizeof(items));
for ( i = 1 ; i < bg_numItems ; i++ ) { for ( i = 1 ; i < bg_numItems ; i++ ) {
if ( items[ i ] == '1' || cg_buildScript.integer ) { if ( items[ i ] == '1' || cg_buildScript.integer ) {
@ -2214,7 +2214,7 @@ Ghoul2 Insert End
memset( cg_weapons, 0, sizeof( cg_weapons ) ); memset( cg_weapons, 0, sizeof( cg_weapons ) );
// only register the items that the server says we need // only register the items that the server says we need
strcpy( items, CG_ConfigString( CS_ITEMS) ); Q_strncpyz(items, CG_ConfigString(CS_ITEMS), sizeof(items));
for ( i = 1 ; i < bg_numItems ; i++ ) { for ( i = 1 ; i < bg_numItems ; i++ ) {
if ( items[ i ] == '1' || cg_buildScript.integer ) { if ( items[ i ] == '1' || cg_buildScript.integer ) {