Grievre's skin DoS fix

2004-04-04 02:34:05 +00:00 · 2004-04-04 02:34:05 +00:00 · ab52e74874
parent c2d633bf69
commit ab52e74874
2 changed files with 11 additions and 5 deletions
--- a/include/QF/skin.h
+++ b/include/QF/skin.h
@ -33,13 +33,14 @@
 #include "QF/zone.h"

 #define MAX_CACHED_SKINS 128
+#define MAX_SKIN_LENGTH	32

 #define RSSHOT_WIDTH 320
 #define RSSHOT_HEIGHT 200

 typedef struct skin_s
 {
-	char		name[16];
+	char		name[MAX_SKIN_LENGTH];
 	qboolean	failedload;		// the name isn't a valid skin
 	union {
 		cache_user_t	cache;
--- a/qw/source/cl_parse.c
+++ b/qw/source/cl_parse.c
@ -977,14 +977,19 @@ CL_ParseClientdata (void)
 static void
 CL_ProcessUserInfo (int slot, player_info_t *player)
 {
-	char       *skin;
+	char       skin[MAX_SKIN_LENGTH] = { 0 };
 	const char *s;

 	s = Info_ValueForKey (player->userinfo, "skin");
-	skin = alloca (strlen (s) + 1);
-	QFS_StripExtension (s, skin);
-	if (!strequal (s, skin))
+
+	if (strlen(s) < sizeof skin) {
+		QFS_StripExtension (s, skin);
+		if (!strequal (s, skin))
+			Info_SetValueForKey (player->userinfo, "skin", skin, 1);
+	} else {
 		Info_SetValueForKey (player->userinfo, "skin", skin, 1);
+	}
+
 	s = Info_ValueForKey (player->userinfo, "name");
 	if (!*s)
 		Info_SetValueForKey (player->userinfo, "name", va ("user-%i [exploit]", player->userid), 1);