From 68264e7288c4db5b5797d806bab7df8dc22a8d17 Mon Sep 17 00:00:00 2001
From: Refrag
Date: Wed, 15 May 2024 20:03:04 +0200
Subject: [PATCH 1/2] Fix buffer overflow when setting a NETVAR string CVar
There was a possible buffer overflow if you tried setting a console var that had the CV_NETVAR and that was of the string type. The overflow would happen if you were trying to set the console variable while in a multiplayer / netgame state. This commit just increases the size of buf to account for everything that needs to be written to it.
---
 src/command.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/command.c b/src/command.c
index a46cc98bc..7947048ed 100644
--- a/src/command.c
+++ b/src/command.c
@@ -1992,7 +1992,7 @@ static void CV_SetCVar(consvar_t *var, const char *value, boolean stealth)
 if (var->flags & CV_NETVAR)
 {
 // send the value of the variable
- UINT8 buf[128];
+ UINT8 buf[512];
 UINT8 *p = buf;
 // Loading from a config in a netgame? Set revert value.
From b16c4df31c779bccd518fa5103b73b1b6f778165 Mon Sep 17 00:00:00 2001
From: Refrag
Date: Mon, 20 May 2024 10:40:55 +0200
Subject: [PATCH 2/2] Ensure the servername fits into MAXSERVERNAME before setting it
This commit adds a verification before setting the servername console variable. We now check that it fits within the MAXSERVERNAME length and we cancel setting it if it doesn't. Letting the servername be more than MAXSERVERNAME could lead to crashes when trying to edit the server name from the menu so, we now avoid those.
---
 src/netcode/mserv.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/netcode/mserv.c b/src/netcode/mserv.c
index 3acacd24c..74ee120f9 100644
--- a/src/netcode/mserv.c
+++ b/src/netcode/mserv.c
@@ -50,6 +50,8 @@ static void Command_Listserv_f(void);
 #endif/*MASTERSERVER*/
+static boolean ServerName_CanChange (const char*);
+
 static void Update_parameters (void);
 static void MasterServer_OnChange(void);
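Review bot: In `CV_SetCVar` (src/command.c) the new `UINT8 buf[512];` is still a bare constant, and nothing in the hunk ties it to the longest `value` a string cvar can hold, so the overflow becomes harder to reach rather than impossible. The writes into `buf` sit below the hunk, so whether they are bounded cannot be confirmed from here; if they are not, reject an over-long value before serialising, e.g. `if (strlen(value) >= sizeof buf - NETVAR_OVERHEAD) return;`, where `NETVAR_OVERHEAD` is a placeholder for the fixed bytes written around the string. At the least, add a comment on the declaration such as `// must hold the whole serialised NETVAR payload; keep in sync with the writes below`.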
@@ -61,7 +63,7 @@ static CV_PossibleValue_t masterserver_update_rate_cons_t[] = {
 };
 consvar_t cv_masterserver = CVAR_INIT ("masterserver", "https://ds.ms.srb2.org/MS/0", CV_SAVE|CV_CALL, NULL, MasterServer_OnChange);
-consvar_t cv_servername = CVAR_INIT ("servername", "SRB2 server", CV_SAVE|CV_NETVAR|CV_CALL|CV_NOINIT|CV_ALLOWLUA, NULL, Update_parameters);
+consvar_t cv_servername = CVAR_INIT_WITH_CALLBACKS ("servername", "SRB2 server", CV_SAVE|CV_NETVAR|CV_CALL|CV_NOINIT|CV_ALLOWLUA, NULL, Update_parameters, ServerName_CanChange);
 consvar_t cv_masterserver_update_rate = CVAR_INIT ("masterserver_update_rate", "15", CV_SAVE|CV_CALL|CV_NOINIT, masterserver_update_rate_cons_t, Update_parameters);
@@ -497,6 +499,15 @@ Set_api (const char *api)
 #endif/*MASTERSERVER*/
+static boolean ServerName_CanChange(const char* newvalue)
+{
+ if (strlen(newvalue) < MAXSERVERNAME)
+ return true;
+
+ CONS_Alert(CONS_NOTICE, "The server name must be shorter than %d characters\n", MAXSERVERNAME);
+ return false;
+}
+
 static void
 Update_parameters (void)
 {
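Review bot: `cv_servername` is flagged `CV_SAVE|CV_NETVAR|CV_ALLOWLUA`, so, judging by the flag names, a value can reach it from a saved config, from the network and from Lua as well as from the console, and the length limit holds only if `ServerName_CanChange` is consulted on each of those paths. The code that invokes the callback registered through `CVAR_INIT_WITH_CALLBACKS` is not part of this diff, so this is unverified here. Once confirmed, a comment above the declaration such as `// length enforced by ServerName_CanChange on every set path` would record the guarantee; if any path skips the callback, the menu code named in the commit message needs its own bounded copy.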
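Review bot: `ServerName_CanChange` has no comment, and whether `strlen(newvalue) < MAXSERVERNAME` is the right bound depends on whether `MAXSERVERNAME` counts the terminating NUL, which is defined outside this diff. A header comment such as `// Can-change callback for cv_servername: accepts names that fit, with their NUL, in MAXSERVERNAME bytes` would state that contract once it is checked against the buffers that hold the name. On style, the definition writes `const char* newvalue` while the file's existing code (`Set_api (const char *api)` in the hunk header) binds the `*` to the name, and the prototype added near the top of the file has a space before the parameter list that the definition lacks.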