- Fix bug #4769 remote server crash

- Fix potential 1-byte-buffer overflow in gamecode
2024-11-24 13:11:30 +00:00 · 2011-02-03 02:54:36 +00:00 · 2011-02-03 02:54:36 +00:00 · cf791d14c5
commit cf791d14c5
parent 16c83ae2c5
2 changed files with 13 additions and 4 deletions
--- a/code/game/g_svcmds.c
+++ b/code/game/g_svcmds.c
@ -155,7 +155,7 @@ static void UpdateIPBans (void)
 				Q_strcat(ip, sizeof(ip), va("%i", b[j]));
 			Q_strcat(ip, sizeof(ip), (j<3) ? "." : " ");
 		}		
-		if (strlen(iplist_final)+strlen(ip) < MAX_CVAR_VALUE_STRING)
+		if (strlen(iplist_final)+strlen(ip) < MAX_CVAR_VALUE_STRING - 1)
 		{
 			Q_strcat( iplist_final, sizeof(iplist_final), ip);
 		}
--- a/code/qcommon/cmd.c
+++ b/code/qcommon/cmd.c
@ -435,11 +435,20 @@ char *Cmd_Cmd(void)
   Replace command separators with space to prevent interpretation
   This is a hack to protect buggy qvms
   https://bugzilla.icculus.org/show_bug.cgi?id=3593
+   https://bugzilla.icculus.org/show_bug.cgi?id=4769
 */
-void Cmd_Args_Sanitize( void ) {
+
+void Cmd_Args_Sanitize(void)
+{
 	int i;
-	for ( i = 1 ; i < cmd_argc ; i++ ) {
-		char* c = cmd_argv[i];
+
+	for(i = 1; i < cmd_argc; i++)
+	{
+		char *c = cmd_argv[i];
+		
+		if(strlen(c) > MAX_CVAR_VALUE_STRING - 1)
+			c[MAX_CVAR_VALUE_STRING - 1] = '\0';
+		
 		while ((c = strpbrk(c, "\n\r;"))) {
 			*c = ' ';
 			++c;