okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here:

Browse source 
http://milw0rm.com/exploits/1750
This commit is contained in:
Thilo Schulz 2006-05-06 01:56:24 +00:00
parent 2e368c02a6
commit d21411452e
13 changed files with 22 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

2
code/client/cl_main.c
View file

@ -2066,7 +2066,7 @@ void CL_Frame ( int msec ) {
}
Q_strncpyz( mapName, COM_SkipPath( cl.mapname ), sizeof( cl.mapname ) );
COM_StripExtension( mapName, mapName );
COM_StripExtension(mapName, mapName, sizeof(mapName));
Cbuf_ExecuteText( EXEC_NOW,
va( "record %s-%s-%s", nowString, serverName, mapName ) );