okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here:

Browse source 
http://milw0rm.com/exploits/1750
This commit is contained in:
Thilo Schulz 2006-05-06 01:56:24 +00:00
parent 2e368c02a6
commit d21411452e
13 changed files with 22 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

4
code/qcommon/q_shared.c
View file

@ -58,10 +58,10 @@ char *COM_SkipPath (char *pathname)
COM_StripExtension
============
*/
void COM_StripExtension( const char *in, char *out ) {
void COM_StripExtension( const char *in, char *out, int destsize ) {
int length;
strcpy( out, in );
Q_strncpyz(out, in, destsize);
length = strlen(out)-1;
while (length > 0 && out[length] != '.')