From ab52e748744c1232de4577ac3e96d873f67f4ece Mon Sep 17 00:00:00 2001 From: Bill Currie Date: Sun, 4 Apr 2004 02:34:05 +0000 Subject: [PATCH] Grievre's skin DoS fix --- include/QF/skin.h | 3 ++- qw/source/cl_parse.c | 13 +++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/include/QF/skin.h b/include/QF/skin.h index 064d9eb48..9d0cf65d3 100644 --- a/include/QF/skin.h +++ b/include/QF/skin.h @@ -33,13 +33,14 @@ #include "QF/zone.h" #define MAX_CACHED_SKINS 128 +#define MAX_SKIN_LENGTH 32 #define RSSHOT_WIDTH 320 #define RSSHOT_HEIGHT 200 typedef struct skin_s { - char name[16]; + char name[MAX_SKIN_LENGTH]; qboolean failedload; // the name isn't a valid skin union { cache_user_t cache; diff --git a/qw/source/cl_parse.c b/qw/source/cl_parse.c index 3ba72d1a3..f2e0c0f29 100644 --- a/qw/source/cl_parse.c +++ b/qw/source/cl_parse.c @@ -977,14 +977,19 @@ CL_ParseClientdata (void) static void CL_ProcessUserInfo (int slot, player_info_t *player) { - char *skin; + char skin[MAX_SKIN_LENGTH] = { 0 }; const char *s; s = Info_ValueForKey (player->userinfo, "skin"); - skin = alloca (strlen (s) + 1); - QFS_StripExtension (s, skin); - if (!strequal (s, skin)) + + if (strlen(s) < sizeof skin) { + QFS_StripExtension (s, skin); + if (!strequal (s, skin)) + Info_SetValueForKey (player->userinfo, "skin", skin, 1); + } else { Info_SetValueForKey (player->userinfo, "skin", skin, 1); + } + s = Info_ValueForKey (player->userinfo, "name"); if (!*s) Info_SetValueForKey (player->userinfo, "name", va ("user-%i [exploit]", player->userid), 1);
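Review bot: `MAX_SKIN_LENGTH` in include/QF/skin.h is added without a comment saying whether the 32 counts the terminating NUL. The cl_parse.c hunk of this commit checks `strlen(s) < sizeof skin` against a buffer of this size, so the longest accepted name is 31 characters. A one-line comment on the define, e.g. `// size of skin name buffers, including the terminating NUL`, would keep later callers from treating it as a character count. Any other code that fills `skin_t.name` using a hard-coded 16 is not visible here and should be checked against the new constant. The struct definition continues outside the hunk.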
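Review bot: The else branch in CL_ProcessUserInfo passes the still-zeroed `skin` buffer to Info_SetValueForKey, so an over-long skin value is silently replaced by an empty string, and the line reads like an accidental copy of the one in the if branch. Stating the intent keeps the same behaviour and is clearer: `Info_SetValueForKey (player->userinfo, "skin", "", 1);` with a comment such as `// skin name does not fit in skin_t.name: clear it rather than truncate`. The length guard also relies on QFS_StripExtension never writing more than `strlen (s) + 1` bytes to its output, which this hunk does not show and which deserves a comment next to the check. The function body continues past the end of the hunk.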