Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here:

http://milw0rm.com/exploits/1750
2006-05-06 01:56:24 +00:00 · 2006-05-06 01:56:24 +00:00 · d21411452e
commit d21411452e
parent 2e368c02a6
13 changed files with 22 additions and 22 deletions
--- a/code/q3_ui/ui_saveconfig.c
+++ b/code/q3_ui/ui_saveconfig.c
@ -85,7 +85,7 @@ static void UI_SaveConfigMenu_SaveEvent( void *ptr, int event ) {
 		return;
 	}

-	COM_StripExtension(saveConfig.savename.field.buffer, configname );
+	COM_StripExtension(saveConfig.savename.field.buffer, configname, sizeof(configname));
 	trap_Cmd_ExecuteText( EXEC_APPEND, va( "writeconfig %s.cfg\n", configname ) );
 	UI_PopMenu();
 }