okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here:

Browse source 
http://milw0rm.com/exploits/1750
This commit is contained in:
Thilo Schulz 2006-05-06 01:56:24 +00:00
parent 2e368c02a6
commit d21411452e
13 changed files with 22 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

4
code/ui/ui_main.c
View file

@ -4958,7 +4958,7 @@ static void UI_BuildQ3Model_List( void )
int numfiles;
char dirlist[2048];
char filelist[2048];
char skinname[64];
char skinname[MAX_QPATH];
char scratch[256];
char* dirptr;
char* fileptr;
@ -4988,7 +4988,7 @@ static void UI_BuildQ3Model_List( void )
{
filelen = strlen(fileptr);
COM_StripExtension(fileptr,skinname);
COM_StripExtension(fileptr, skinname, sizeof(skinname));
// look for icon_????
if (Q_stricmpn(skinname, "icon_", 5) == 0 && !(Q_stricmp(skinname,"icon_blue") == 0 || Q_stricmp(skinname,"icon_red") == 0))