okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix possible buffer overflow in console, thanks to John Ellis for the patch.

Browse source
This commit is contained in:
Thilo Schulz 2009-11-10 02:17:32 +00:00
parent 290f1860e9
commit 04c5efd739
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
code/sys/con_tty.c
View file

@ -326,7 +326,7 @@ CON_Input
char *CON_Input( void ) char *CON_Input( void )
{ {
// we use this when sending back commands // we use this when sending back commands
static char text[256]; static char text[MAX_EDIT_LINE];
int avail; int avail;
char key; char key;
field_t *history; field_t *history;
@ -357,7 +357,7 @@ char *CON_Input( void )
{ {
// push it in history // push it in history
Hist_Add(&TTY_con); Hist_Add(&TTY_con);
strcpy(text, TTY_con.buffer); Q_strncpyz(text, TTY_con.buffer, sizeof(text));
Field_Clear(&TTY_con); Field_Clear(&TTY_con);
key = '\n'; key = '\n';
size = write(1, &key, 1); size = write(1, &key, 1);
@ -419,6 +419,8 @@ char *CON_Input( void )
CON_FlushIn(); CON_FlushIn();
return NULL; return NULL;
} }
if (TTY_con.cursor >= sizeof(text) - 1)
return NULL;
// push regular character // push regular character
TTY_con.buffer[TTY_con.cursor] = key; TTY_con.buffer[TTY_con.cursor] = key;
TTY_con.cursor++; TTY_con.cursor++;