From cf791d14c58f536eec8220d93fb9af443f8837e9 Mon Sep 17 00:00:00 2001 From: Thilo Schulz Date: Thu, 3 Feb 2011 02:54:36 +0000 Subject: [PATCH] - Fix bug #4769 remote server crash - Fix potential 1-byte-buffer overflow in gamecode --- code/game/g_svcmds.c | 2 +- code/qcommon/cmd.c | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/code/game/g_svcmds.c b/code/game/g_svcmds.c index 705afd7c..b62da50a 100644 --- a/code/game/g_svcmds.c +++ b/code/game/g_svcmds.c @@ -155,7 +155,7 @@ static void UpdateIPBans (void) Q_strcat(ip, sizeof(ip), va("%i", b[j])); Q_strcat(ip, sizeof(ip), (j<3) ? "." : " "); } - if (strlen(iplist_final)+strlen(ip) < MAX_CVAR_VALUE_STRING) + if (strlen(iplist_final)+strlen(ip) < MAX_CVAR_VALUE_STRING - 1) { Q_strcat( iplist_final, sizeof(iplist_final), ip); } diff --git a/code/qcommon/cmd.c b/code/qcommon/cmd.c index f1243b34..f40b5bd2 100644 --- a/code/qcommon/cmd.c +++ b/code/qcommon/cmd.c @@ -435,11 +435,20 @@ char *Cmd_Cmd(void) Replace command separators with space to prevent interpretation This is a hack to protect buggy qvms https://bugzilla.icculus.org/show_bug.cgi?id=3593 + https://bugzilla.icculus.org/show_bug.cgi?id=4769 */ -void Cmd_Args_Sanitize( void ) { + +void Cmd_Args_Sanitize(void) +{ int i; - for ( i = 1 ; i < cmd_argc ; i++ ) { - char* c = cmd_argv[i]; + + for(i = 1; i < cmd_argc; i++) + { + char *c = cmd_argv[i]; + + if(strlen(c) > MAX_CVAR_VALUE_STRING - 1) + c[MAX_CVAR_VALUE_STRING - 1] = '\0'; + while ((c = strpbrk(c, "\n\r;"))) { *c = ' '; ++c;