Squashed a QW showstopper, last one I hope!
Fixed a rare chance of a buffer overflow attack in the display code.
This commit is contained in:
parent
e3ac6357dc
commit
8a2e473014
|
@ -225,7 +225,11 @@ void CL_SendConnectPacket (void)
|
||||||
|
|
||||||
cls.qport = Cvar_VariableValue("qport");
|
cls.qport = Cvar_VariableValue("qport");
|
||||||
|
|
||||||
Info_SetValueForStarKey (cls.userinfo, "*ip", NET_AdrToString(adr), MAX_INFO_STRING);
|
// Arrgh, this was not in the old binary only release, and eats up
|
||||||
|
// far too much of the 196 chars in the userinfo space, leaving nothing
|
||||||
|
// for player use, thus, its commented out for the moment..
|
||||||
|
//
|
||||||
|
//Info_SetValueForStarKey (cls.userinfo, "*ip", NET_AdrToString(adr), MAX_INFO_STRING);
|
||||||
|
|
||||||
// Con_Printf ("Connecting to %s...\n", cls.servername);
|
// Con_Printf ("Connecting to %s...\n", cls.servername);
|
||||||
sprintf (data, "%c%c%c%cconnect %i %i %i \"%s\"\n",
|
sprintf (data, "%c%c%c%cconnect %i %i %i \"%s\"\n",
|
||||||
|
@ -1072,7 +1076,8 @@ void CL_Init (void)
|
||||||
Info_SetValueForKey (cls.userinfo, "bottomcolor", "0", MAX_INFO_STRING);
|
Info_SetValueForKey (cls.userinfo, "bottomcolor", "0", MAX_INFO_STRING);
|
||||||
Info_SetValueForKey (cls.userinfo, "rate", "2500", MAX_INFO_STRING);
|
Info_SetValueForKey (cls.userinfo, "rate", "2500", MAX_INFO_STRING);
|
||||||
Info_SetValueForKey (cls.userinfo, "msg", "1", MAX_INFO_STRING);
|
Info_SetValueForKey (cls.userinfo, "msg", "1", MAX_INFO_STRING);
|
||||||
sprintf (st, "%4.2f-%04d", VERSION, build_number());
|
//sprintf (st, "%4.2f-%04d", VERSION, build_number());
|
||||||
|
sprintf (st, "%.1f", VERSION);
|
||||||
Info_SetValueForStarKey (cls.userinfo, "*ver", st, MAX_INFO_STRING);
|
Info_SetValueForStarKey (cls.userinfo, "*ver", st, MAX_INFO_STRING);
|
||||||
|
|
||||||
CL_InitInput ();
|
CL_InitInput ();
|
||||||
|
|
|
@ -2022,10 +2022,10 @@ void Info_SetValueForStarKey (char *s, char *key, char *value, int maxsize)
|
||||||
|
|
||||||
// this next line is kinda trippy
|
// this next line is kinda trippy
|
||||||
if (*(v = Info_ValueForKey(s, key))) {
|
if (*(v = Info_ValueForKey(s, key))) {
|
||||||
// key exists, make sure we have enough room for new value, if we don't,
|
// key exists, make sure we have enough room for new value,
|
||||||
// don't change it!
|
// if we don't, don't change it!
|
||||||
if (strlen(value) - strlen(v) + strlen(s) > maxsize) {
|
if (strlen(value) - strlen(v) + strlen(s) > maxsize) {
|
||||||
Con_Printf ("Info string length exceeded\n");
|
Con_Printf ("Info 1 string length exceeded\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2037,7 +2037,7 @@ void Info_SetValueForStarKey (char *s, char *key, char *value, int maxsize)
|
||||||
|
|
||||||
if ((int)(strlen(new) + strlen(s)) > maxsize)
|
if ((int)(strlen(new) + strlen(s)) > maxsize)
|
||||||
{
|
{
|
||||||
Con_Printf ("Info string length exceeded\n");
|
Con_Printf ("Info 2 string length exceeded\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -357,7 +357,7 @@ void Con_Printf (char *fmt, ...)
|
||||||
static qboolean inupdate;
|
static qboolean inupdate;
|
||||||
|
|
||||||
va_start (argptr,fmt);
|
va_start (argptr,fmt);
|
||||||
vsprintf (msg,fmt,argptr);
|
vsnprintf (msg, sizeof(msg), fmt, argptr);
|
||||||
va_end (argptr);
|
va_end (argptr);
|
||||||
|
|
||||||
// also echo to debugging console
|
// also echo to debugging console
|
||||||
|
|
Loading…
Reference in New Issue