mirror of
https://github.com/DrBeef/ioq3quest.git
synced 2024-11-10 14:52:00 +00:00
fix buffer overflow and format string bug in auth server response
processing
This commit is contained in:
parent
f6e0c6fd19
commit
8ca8d84591
2 changed files with 3 additions and 6 deletions
|
@ -719,7 +719,7 @@ void QDECL NET_OutOfBandPrint( netsrc_t sock, netadr_t adr, const char *format,
|
|||
string[3] = -1;
|
||||
|
||||
va_start( argptr, format );
|
||||
vsprintf( string+4, format, argptr );
|
||||
vsnprintf( string+4, sizeof(string)-4, format, argptr );
|
||||
va_end( argptr );
|
||||
|
||||
// send the datagram
|
||||
|
|
|
@ -149,7 +149,6 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
|
|||
int i;
|
||||
char *s;
|
||||
char *r;
|
||||
char ret[1024];
|
||||
|
||||
if ( !NET_CompareBaseAdr( from, svs.authorizeAddress ) ) {
|
||||
Com_Printf( "SV_AuthorizeIpPacket: not from authorize server\n" );
|
||||
|
@ -195,8 +194,7 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
|
|||
if (!r) {
|
||||
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nAwaiting CD key authorization\n" );
|
||||
} else {
|
||||
sprintf(ret, "print\n%s\n", r);
|
||||
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, ret );
|
||||
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\n%s\n", r);
|
||||
}
|
||||
// clear the challenge record so it won't timeout and let them through
|
||||
Com_Memset( &svs.challenges[i], 0, sizeof( svs.challenges[i] ) );
|
||||
|
@ -207,8 +205,7 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
|
|||
if (!r) {
|
||||
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nSomeone is using this CD Key\n" );
|
||||
} else {
|
||||
sprintf(ret, "print\n%s\n", r);
|
||||
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, ret );
|
||||
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\n%s\n", r );
|
||||
}
|
||||
|
||||
// clear the challenge record so it won't timeout and let them through
|
||||
|
|
Loading…
Reference in a new issue