mirror of
https://github.com/UberGames/lilium-voyager.git
synced 2024-12-14 06:01:10 +00:00
* Fix to multiple buffer overflow bugs in CL_Rcon_f
* Fix to COM_ParseExt 1 byte overwrite bug * Fixed some missing calls to trap_FS_FCloseFile * Fixed q3msgboom and q3infoboom bugs * Fixed some qboolean type confusion * Above fixes from http://www.quakesrc.org/forums/viewtopic.php?t=5374
This commit is contained in:
parent
b185817285
commit
33a48a0336
9 changed files with 26 additions and 19 deletions
|
@ -107,6 +107,7 @@ static qboolean CG_ParseAnimationFile( const char *filename, clientInfo_t *ci )
|
|||
}
|
||||
if ( len >= sizeof( text ) - 1 ) {
|
||||
CG_Printf( "File %s too long\n", filename );
|
||||
trap_FS_FCloseFile( f );
|
||||
return qfalse;
|
||||
}
|
||||
trap_FS_Read( text, len, f );
|
||||
|
|
|
@ -42,7 +42,7 @@ int chat_playerNum;
|
|||
|
||||
qboolean key_overstrikeMode;
|
||||
|
||||
qboolean anykeydown;
|
||||
int anykeydown;
|
||||
qkey_t keys[MAX_KEYS];
|
||||
|
||||
|
||||
|
@ -1238,7 +1238,7 @@ void Key_ClearStates (void)
|
|||
{
|
||||
int i;
|
||||
|
||||
anykeydown = qfalse;
|
||||
anykeydown = 0;
|
||||
|
||||
for ( i=0 ; i < MAX_KEYS ; i++ ) {
|
||||
if ( keys[i].down ) {
|
||||
|
|
|
@ -1090,6 +1090,7 @@ void CL_Connect_f( void ) {
|
|||
Cvar_Set( "cl_currentServerAddress", server );
|
||||
}
|
||||
|
||||
#define MAX_RCON_MESSAGE 1024
|
||||
|
||||
/*
|
||||
=====================
|
||||
|
@ -1100,7 +1101,7 @@ CL_Rcon_f
|
|||
=====================
|
||||
*/
|
||||
void CL_Rcon_f( void ) {
|
||||
char message[1024];
|
||||
char message[MAX_RCON_MESSAGE];
|
||||
netadr_t to;
|
||||
|
||||
if ( !rcon_client_password->string ) {
|
||||
|
@ -1115,13 +1116,13 @@ void CL_Rcon_f( void ) {
|
|||
message[3] = -1;
|
||||
message[4] = 0;
|
||||
|
||||
strcat (message, "rcon ");
|
||||
Q_strcat (message, MAX_RCON_MESSAGE, "rcon ");
|
||||
|
||||
strcat (message, rcon_client_password->string);
|
||||
strcat (message, " ");
|
||||
Q_strcat (message, MAX_RCON_MESSAGE, rcon_client_password->string);
|
||||
Q_strcat (message, MAX_RCON_MESSAGE, " ");
|
||||
|
||||
// https://zerowing.idsoftware.com/bugzilla/show_bug.cgi?id=543
|
||||
strcat (message, Cmd_Cmd()+5);
|
||||
Q_strcat (message, MAX_RCON_MESSAGE, Cmd_Cmd()+5);
|
||||
|
||||
if ( cls.state >= CA_CONNECTED ) {
|
||||
to = clc.netchan.remoteAddress;
|
||||
|
|
|
@ -43,7 +43,7 @@ extern field_t historyEditLines[COMMAND_HISTORY];
|
|||
|
||||
extern field_t g_consoleField;
|
||||
extern field_t chatField;
|
||||
extern qboolean anykeydown;
|
||||
extern int anykeydown;
|
||||
extern qboolean chat_team;
|
||||
extern int chat_playerNum;
|
||||
|
||||
|
|
|
@ -453,7 +453,7 @@ char *COM_ParseExt( char **data_p, qboolean allowLineBreaks )
|
|||
*data_p = ( char * ) data;
|
||||
return com_token;
|
||||
}
|
||||
if (len < MAX_TOKEN_CHARS)
|
||||
if (len < MAX_TOKEN_CHARS - 1)
|
||||
{
|
||||
com_token[len] = c;
|
||||
len++;
|
||||
|
@ -464,7 +464,7 @@ char *COM_ParseExt( char **data_p, qboolean allowLineBreaks )
|
|||
// parse a regular word
|
||||
do
|
||||
{
|
||||
if (len < MAX_TOKEN_CHARS)
|
||||
if (len < MAX_TOKEN_CHARS - 1)
|
||||
{
|
||||
com_token[len] = c;
|
||||
len++;
|
||||
|
@ -475,11 +475,6 @@ char *COM_ParseExt( char **data_p, qboolean allowLineBreaks )
|
|||
com_lines++;
|
||||
} while (c>32);
|
||||
|
||||
if (len == MAX_TOKEN_CHARS)
|
||||
{
|
||||
// Com_Printf ("Token exceeded %i chars, discarded.\n", MAX_TOKEN_CHARS);
|
||||
len = 0;
|
||||
}
|
||||
com_token[len] = 0;
|
||||
|
||||
*data_p = ( char * ) data;
|
||||
|
@ -1192,7 +1187,7 @@ void Info_SetValueForKey( char *s, const char *key, const char *value ) {
|
|||
|
||||
Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
|
||||
|
||||
if (strlen(newi) + strlen(s) > MAX_INFO_STRING)
|
||||
if (strlen(newi) + strlen(s) >= MAX_INFO_STRING)
|
||||
{
|
||||
Com_Printf ("Info string length exceeded\n");
|
||||
return;
|
||||
|
@ -1240,7 +1235,7 @@ void Info_SetValueForKey_Big( char *s, const char *key, const char *value ) {
|
|||
|
||||
Com_sprintf (newi, sizeof(newi), "\\%s\\%s", key, value);
|
||||
|
||||
if (strlen(newi) + strlen(s) > BIG_INFO_STRING)
|
||||
if (strlen(newi) + strlen(s) >= BIG_INFO_STRING)
|
||||
{
|
||||
Com_Printf ("BIG Info string length exceeded\n");
|
||||
return;
|
||||
|
|
|
@ -943,6 +943,7 @@ static qboolean UI_ParseAnimationFile( const char *filename, animation_t *animat
|
|||
}
|
||||
if ( len >= ( sizeof( text ) - 1 ) ) {
|
||||
Com_Printf( "File %s too long\n", filename );
|
||||
trap_FS_FCloseFile( f );
|
||||
return qfalse;
|
||||
}
|
||||
trap_FS_Read( text, len, f );
|
||||
|
|
|
@ -950,11 +950,11 @@ qboolean FS_FilenameCompare( const char *s1, const char *s2 ) {
|
|||
}
|
||||
|
||||
if (c1 != c2) {
|
||||
return -1; // strings not equal
|
||||
return qtrue; // strings not equal
|
||||
}
|
||||
} while (c1);
|
||||
|
||||
return 0; // strings are equal
|
||||
return qfalse; // strings are equal
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -172,6 +172,14 @@ void QDECL SV_SendServerCommand(client_t *cl, const char *fmt, ...) {
|
|||
Q_vsnprintf ((char *)message, sizeof(message), fmt,argptr);
|
||||
va_end (argptr);
|
||||
|
||||
// Fix to http://aluigi.altervista.org/adv/q3msgboom-adv.txt
|
||||
// The actual cause of the bug is probably further downstream
|
||||
// and should maybe be addressed later, but this certainly
|
||||
// fixes the problem for now
|
||||
if ( strlen ((char *)message) > 1022 ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( cl != NULL ) {
|
||||
SV_AddServerCommand( cl, (char *)message );
|
||||
return;
|
||||
|
|
|
@ -1040,6 +1040,7 @@ static qboolean UI_ParseAnimationFile( const char *filename, animation_t *animat
|
|||
}
|
||||
if ( len >= ( sizeof( text ) - 1 ) ) {
|
||||
Com_Printf( "File %s too long\n", filename );
|
||||
trap_FS_FCloseFile( f );
|
||||
return qfalse;
|
||||
}
|
||||
trap_FS_Read( text, len, f );
|
||||
|
|
Loading…
Reference in a new issue