CVE-2005-0430 Fixed q3infoboom

CVE-2005-0430
The Quake 3 engine, as used in multiple game packages, allows remote
attackers to cause a denial of service (shutdown game server) and
possibly crash the server via a long infostring, possibly triggering a
buffer overflow.

Luigi Auriemma q3infoboom

from Tim Angus in ioquake3
svn 95 git 33a48a0336865a9d21983e4836920cd9f3401101

It looks as if the q3infoboom bug has already been fixed in ioQ3 in a
different way, though this patch addresses the cause. The existing fix
should stay since it's a sensible sanity check anyway.

from http://www.quakesrc.org/forums/viewtopic.php?t=5374
Jonathan Gray 2013-05-07 01:25:34 +10:00
parent a6591f68df
commit 8fc8601e0b

@ -1346,7 +1346,7 @@ void Info_SetValueForKey( char *s, const char *key, const char *value ) {
Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value); Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
if (strlen(newi) + strlen(s) > MAX_INFO_STRING) if (strlen(newi) + strlen(s) >= MAX_INFO_STRING)
{ {
Com_Printf ("Info string length exceeded\n"); Com_Printf ("Info string length exceeded\n");
return; return;
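Review bot: The new `>=` test in Info_SetValueForKey is only safe if the caller's `s` is a full MAX_INFO_STRING-byte buffer, and the signature (`char *s`, no size argument) does nothing to enforce that. With `>=` the combined string is capped at MAX_INFO_STRING - 1 characters, which leaves room for the terminating NUL in a buffer of exactly MAX_INFO_STRING bytes, whereas the old `>` accepted a combined length of MAX_INFO_STRING. Please add a comment on the function stating the required buffer size, or take the size as a parameter, so that a caller passing a smaller buffer is caught in review.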
@ -1394,7 +1394,7 @@ void Info_SetValueForKey_Big( char *s, const char *key, const char *value ) {
Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value); Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
if (strlen(newi) + strlen(s) > BIG_INFO_STRING) if (strlen(newi) + strlen(s) >= BIG_INFO_STRING)
{ {
Com_Printf ("BIG Info string length exceeded\n"); Com_Printf ("BIG Info string length exceeded\n");
return; return;
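Review bot: In Info_SetValueForKey_Big the length test measures `newi` only after `Com_sprintf (newi, sizeof(newi), ...)` has already bounded it, so if key plus value do not fit in `newi` the check runs on the shortened string rather than on what was requested. Consider testing strlen(key) + strlen(value) + 2 + strlen(s) against BIG_INFO_STRING before formatting, or rejecting the pair when Com_sprintf had to cut it, so that a partial key/value is never appended.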