apply the security patch for incoming-packet VoIP-data parsing and Huffman decompression

TODO: improve this description
author: /dev/humancontroller <devhc@example.com> 2017-08-14 14:04:02 +0200
committer: /dev/humancontroller <devhc@example.com> 2017-08-14 14:04:02 +0200
commit: 57a3338110978b37baab6f7c45935a1dff5db603 (patch)
tree: a9b6be3eb4b16c1e8053e8ae64b79cd0b9377181 /src/server
parent: a150f425666146fbdca921ea44838b81889ec9e9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/server/sv_client.c b/src/server/sv_client.c
index 126a9d05..f3a0494f 100644
--- a/src/server/sv_client.c
+++ b/src/server/sv_client.c
@@ -1565,7 +1565,7 @@ void SV_UserVoip(client_t *cl, msg_t *msg, qboolean ignoreData)
 	}
 	packetsize = MSG_ReadShort(msg);
 
-	if (msg->readcount > msg->cursize)
+	if (msg->readcount + packetsize > msg->cursize)
 		return;   // short/invalid packet, bail.
 
 	if (packetsize > sizeof (encoded)) {  // overlarge packet?
author	/dev/humancontroller <devhc@example.com>	2017-08-14 14:04:02 +0200
committer	/dev/humancontroller <devhc@example.com>	2017-08-14 14:04:02 +0200
commit	57a3338110978b37baab6f7c45935a1dff5db603 (patch)
tree	a9b6be3eb4b16c1e8053e8ae64b79cd0b9377181 /src/server
parent	a150f425666146fbdca921ea44838b81889ec9e9 (diff)