Squashed a QW showstopper, last one I hope!

Fixed a rare chance of a buffer overflow attack in the display code.
This commit is contained in:
Zephaniah E. Hull 1999-12-29 14:09:12 +00:00
parent e3ac6357dc
commit 8a2e473014
3 changed files with 12 additions and 7 deletions

View file

@ -225,7 +225,11 @@ void CL_SendConnectPacket (void)
cls.qport = Cvar_VariableValue("qport");
Info_SetValueForStarKey (cls.userinfo, "*ip", NET_AdrToString(adr), MAX_INFO_STRING);
// Arrgh, this was not in the old binary only release, and eats up
// far too much of the 196 chars in the userinfo space, leaving nothing
// for player use, thus, its commented out for the moment..
//
//Info_SetValueForStarKey (cls.userinfo, "*ip", NET_AdrToString(adr), MAX_INFO_STRING);
// Con_Printf ("Connecting to %s...\n", cls.servername);
sprintf (data, "%c%c%c%cconnect %i %i %i \"%s\"\n",
@ -1072,7 +1076,8 @@ void CL_Init (void)
Info_SetValueForKey (cls.userinfo, "bottomcolor", "0", MAX_INFO_STRING);
Info_SetValueForKey (cls.userinfo, "rate", "2500", MAX_INFO_STRING);
Info_SetValueForKey (cls.userinfo, "msg", "1", MAX_INFO_STRING);
sprintf (st, "%4.2f-%04d", VERSION, build_number());
//sprintf (st, "%4.2f-%04d", VERSION, build_number());
sprintf (st, "%.1f", VERSION);
Info_SetValueForStarKey (cls.userinfo, "*ver", st, MAX_INFO_STRING);
CL_InitInput ();

View file

@ -2022,10 +2022,10 @@ void Info_SetValueForStarKey (char *s, char *key, char *value, int maxsize)
// this next line is kinda trippy
if (*(v = Info_ValueForKey(s, key))) {
// key exists, make sure we have enough room for new value, if we don't,
// don't change it!
// key exists, make sure we have enough room for new value,
// if we don't, don't change it!
if (strlen(value) - strlen(v) + strlen(s) > maxsize) {
Con_Printf ("Info string length exceeded\n");
Con_Printf ("Info 1 string length exceeded\n");
return;
}
}
@ -2037,7 +2037,7 @@ void Info_SetValueForStarKey (char *s, char *key, char *value, int maxsize)
if ((int)(strlen(new) + strlen(s)) > maxsize)
{
Con_Printf ("Info string length exceeded\n");
Con_Printf ("Info 2 string length exceeded\n");
return;
}

View file

@ -357,7 +357,7 @@ void Con_Printf (char *fmt, ...)
static qboolean inupdate;
va_start (argptr,fmt);
vsprintf (msg,fmt,argptr);
vsnprintf (msg, sizeof(msg), fmt, argptr);
va_end (argptr);
// also echo to debugging console