okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here:

Browse source 
http://milw0rm.com/exploits/1750
This commit is contained in:
Thilo Schulz 2006-05-06 01:56:24 +00:00
parent 2e368c02a6
commit d21411452e
13 changed files with 22 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

4
code/ui/ui_players.c
View file

@ -90,13 +90,13 @@ tryagain:
if ( weaponNum == WP_MACHINEGUN || weaponNum == WP_GAUNTLET || weaponNum == WP_BFG ) {
strcpy( path, item->world_model[0] );
COM_StripExtension( path, path );
COM_StripExtension(path, path, sizeof(path));
strcat( path, "_barrel.md3" );
pi->barrelModel = trap_R_RegisterModel( path );
}
strcpy( path, item->world_model[0] );
COM_StripExtension( path, path );
COM_StripExtension(path, path, sizeof(path));
strcat( path, "_flash.md3" );
pi->flashModel = trap_R_RegisterModel( path );