From a6591f68df9db2a513d84bca96aaf2ce095f9808 Mon Sep 17 00:00:00 2001
From: Jonathan Gray
Date: Tue, 7 May 2013 01:15:46 +1000
Subject: [PATCH] CVE-2005-0430 Remotely exploitable Infostring Crash CVE-2005-0430 The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. Luigi Auriemma q3infoboom bugzilla #2356 from Thilo Schulz in ioquake3 svn 58 git 01da6d757bb3121c9ee077e7269eee7655abd05b https://bugzilla.icculus.org/show_bug.cgi?id=2356 Remotely exploitable Infostring Crash
---
 codemp/server/sv_main.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/codemp/server/sv_main.cpp b/codemp/server/sv_main.cpp
index 928448d..26a90c9 100644
--- a/codemp/server/sv_main.cpp
+++ b/codemp/server/sv_main.cpp
@@ -401,6 +401,15 @@ void SVC_Info( netadr_t from ) {
 return;
 }
+ /*
+ * Check whether Cmd_Argv(1) has a sane length. This was not done in the original Quake3 version which led
+ * to the Infostring bug discovered by Luigi Auriemma. See http://aluigi.altervista.org/ for the advisory.
+ */
+
+ // A maximum challenge length of 128 should be more than plenty.
+ if(strlen(Cmd_Argv(1)) > 128)
+ return;
+
 // don't count privateclients
 count = 0;
 for ( i = sv_privateClients->integer ; i < sv_maxclients->integer ; i++ ) {
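Review bot: The new length guard covers only SVC_Info, so any other connectionless handler that copies the client-supplied Cmd_Argv(1) challenge into an infostring is still unbounded as far as this diff shows. SVC_Status is the likely candidate, but it is not visible here and should be confirmed to carry the same check before CVE-2005-0430 is treated as closed in this tree. The limit is a bare `128` with no stated relation to the infostring buffer size, so a named constant (for example `#define MAX_CHALLENGE_LEN 128`, name is a suggestion) with a comment tying it to that limit would make the bound auditable and reusable across handlers. The early exit is also unbraced while the `return` just above it in the hunk is braced, so `if ( strlen( Cmd_Argv(1) ) > MAX_CHALLENGE_LEN ) { return; }` would match the surrounding style. SVC_Info's body starts and ends outside the hunk.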