From 04c5efd739556537951a7c197f86ba860ada8de7 Mon Sep 17 00:00:00 2001
From: Thilo Schulz <arny@ats.s.bawue.de>
Date: Tue, 10 Nov 2009 02:17:32 +0000
Subject: [PATCH] Fix possible buffer overflow in console, thanks to John Ellis
 for the patch.

---
 code/sys/con_tty.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/code/sys/con_tty.c b/code/sys/con_tty.c
index c70db698..71ee1004 100644
--- a/code/sys/con_tty.c
+++ b/code/sys/con_tty.c
@@ -326,7 +326,7 @@ CON_Input
 char *CON_Input( void )
 {
 	// we use this when sending back commands
-	static char text[256];
+	static char text[MAX_EDIT_LINE];
 	int avail;
 	char key;
 	field_t *history;
@@ -357,7 +357,7 @@ char *CON_Input( void )
 				{
 					// push it in history
 					Hist_Add(&TTY_con);
-					strcpy(text, TTY_con.buffer);
+					Q_strncpyz(text, TTY_con.buffer, sizeof(text));
 					Field_Clear(&TTY_con);
 					key = '\n';
 					size = write(1, &key, 1);
@@ -419,6 +419,8 @@ char *CON_Input( void )
 				CON_FlushIn();
 				return NULL;
 			}
+			if (TTY_con.cursor >= sizeof(text) - 1)
+				return NULL;
 			// push regular character
 			TTY_con.buffer[TTY_con.cursor] = key;
 			TTY_con.cursor++;