mirror of
https://github.com/ioquake/jedi-academy.git
synced 2024-11-25 05:31:50 +00:00
CVE-2005-0430 Fixed q3infoboom
CVE-2005-0430 The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. Luigi Auriemma q3infoboom from Tim Angus in ioquake3 svn 95 git 33a48a0336865a9d21983e4836920cd9f3401101 It looks as if the q3infoboom bug has already been fixed in ioQ3 in a different way, though this patch addresses the cause. The existing fix should stay since it's a sensible sanity check anyway. from http://www.quakesrc.org/forums/viewtopic.php?t=5374
This commit is contained in:
parent
a6591f68df
commit
8fc8601e0b
1 changed files with 2 additions and 2 deletions
|
@ -1346,7 +1346,7 @@ void Info_SetValueForKey( char *s, const char *key, const char *value ) {
|
|||
|
||||
Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
|
||||
|
||||
if (strlen(newi) + strlen(s) > MAX_INFO_STRING)
|
||||
if (strlen(newi) + strlen(s) >= MAX_INFO_STRING)
|
||||
{
|
||||
Com_Printf ("Info string length exceeded\n");
|
||||
return;
|
||||
|
@ -1394,7 +1394,7 @@ void Info_SetValueForKey_Big( char *s, const char *key, const char *value ) {
|
|||
|
||||
Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
|
||||
|
||||
if (strlen(newi) + strlen(s) > BIG_INFO_STRING)
|
||||
if (strlen(newi) + strlen(s) >= BIG_INFO_STRING)
|
||||
{
|
||||
Com_Printf ("BIG Info string length exceeded\n");
|
||||
return;
|
||||
|
|
Loading…
Reference in a new issue