buffer overflow and format string bug in auth server response processing

from Ludwig Nussel in ioquake3 svn 1025 git 8ca8d845911fb6545bf723cade39944d874d01ea fix buffer overflow and format string bug in auth server response processing
2024-11-24 21:21:33 +00:00 · 2013-05-07 17:41:16 +10:00 · 2013-05-07 17:41:16 +10:00 · eec13dc1bf
commit eec13dc1bf
parent 61687fff0c
1 changed files with 2 additions and 5 deletions
--- a/codemp/server/sv_client.cpp
+++ b/codemp/server/sv_client.cpp
@ -144,7 +144,6 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
 	int		i;
 	char	*s;
 	char	*r;
-	char	ret[1024];

 	if ( !NET_CompareBaseAdr( from, svs.authorizeAddress ) ) {
 		Com_Printf( "SV_AuthorizeIpPacket: not from authorize server\n" );
@ -190,8 +189,7 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
 		if (!r) {
 			NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nAwaiting CD key authorization\n" );
 		} else {
-			sprintf(ret, "print\n%s\n", r);
-			NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, ret );
+			NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\n%s\n", r);
 		}
 		// clear the challenge record so it won't timeout and let them through
 		Com_Memset( &svs.challenges[i], 0, sizeof( svs.challenges[i] ) );
@ -202,8 +200,7 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
 	if (!r) {
 		NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nSomeone is using this CD Key\n" );
 	} else {
-		sprintf(ret, "print\n%s\n", r);
-		NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, ret );
+		NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\n%s\n", r);
 	}

 	// clear the challenge record so it won't timeout and let them through