okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix buffer overflow and format string bug in auth server response

Browse source 
processing
This commit is contained in:
Ludwig Nussel 2006-12-31 15:36:42 +00:00
parent f6e0c6fd19
commit 8ca8d84591
2 changed files with 3 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
code/qcommon/net_chan.c
View file

@ -719,7 +719,7 @@ void QDECL NET_OutOfBandPrint( netsrc_t sock, netadr_t adr, const char *format,
string[3] = -1; string[3] = -1;
va_start( argptr, format ); va_start( argptr, format );
vsprintf( string+4, format, argptr ); vsnprintf( string+4, sizeof(string)-4, format, argptr );
va_end( argptr ); va_end( argptr );
// send the datagram // send the datagram

7
code/server/sv_client.c
View file

@ -149,7 +149,6 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
int i; int i;
char *s; char *s;
char *r; char *r;
char ret[1024];
if ( !NET_CompareBaseAdr( from, svs.authorizeAddress ) ) { if ( !NET_CompareBaseAdr( from, svs.authorizeAddress ) ) {
Com_Printf( "SV_AuthorizeIpPacket: not from authorize server\n" ); Com_Printf( "SV_AuthorizeIpPacket: not from authorize server\n" );
@ -195,8 +194,7 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
if (!r) { if (!r) {
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nAwaiting CD key authorization\n" ); NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nAwaiting CD key authorization\n" );
} else { } else {
sprintf(ret, "print\n%s\n", r); NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\n%s\n", r);
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, ret );
} }
// clear the challenge record so it won't timeout and let them through // clear the challenge record so it won't timeout and let them through
Com_Memset( &svs.challenges[i], 0, sizeof( svs.challenges[i] ) ); Com_Memset( &svs.challenges[i], 0, sizeof( svs.challenges[i] ) );
@ -207,8 +205,7 @@ void SV_AuthorizeIpPacket( netadr_t from ) {
if (!r) { if (!r) {
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nSomeone is using this CD Key\n" ); NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\nSomeone is using this CD Key\n" );
} else { } else {
sprintf(ret, "print\n%s\n", r); NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, "print\n%s\n", r );
NET_OutOfBandPrint( NS_SERVER, svs.challenges[i].adr, ret );
} }
// clear the challenge record so it won't timeout and let them through // clear the challenge record so it won't timeout and let them through