* Range-check array indices in CG_ParseTeamInfo (Roman "kevlarman" Tetelman)

* Don't send tinfo servercommands by default
author: Ben Millwood <thebenmachine@gmail.com> 2009-10-03 12:02:46 +0000
committer: Tim Angus <tim@ngus.net> 2013-01-03 00:15:38 +0000
commit: b5384ca3193b94a473e6d1995235677ce66efa4b (patch)
tree: 39bccb76a8c349d90e6c77ed91c2bb9973cd7250 /src
parent: a2abdae1179414204035003451b5a10746b46d75 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/cgame/cg_servercmds.c b/src/cgame/cg_servercmds.c
index 115c4ccf..e9de4646 100644
--- a/src/cgame/cg_servercmds.c
+++ b/src/cgame/cg_servercmds.c
@@ -82,10 +82,21 @@ static void CG_ParseTeamInfo( void )
   int   client;
 
   numSortedTeamPlayers = atoi( CG_Argv( 1 ) );
+  if( numSortedTeamPlayers < 0 || numSortedTeamPlayers > TEAM_MAXOVERLAY )
+  {
+    CG_Error( "CG_ParseTeamInfo: numSortedTeamPlayers out of range (%d)",
+      numSortedTeamPlayers );
+    return;
+  }
 
   for( i = 0; i < numSortedTeamPlayers; i++ )
   {
     client = atoi( CG_Argv( i * 5 + 2 ) );
+    if( client < 0 || client >= MAX_CLIENTS )
+    {
+      CG_Error( "CG_ParseTeamInfo: bad client number: %d", client );
+      return;
+    }
 
     sortedTeamPlayers[ i ] = client;
author	Ben Millwood <thebenmachine@gmail.com>	2009-10-03 12:02:46 +0000
committer	Tim Angus <tim@ngus.net>	2013-01-03 00:15:38 +0000
commit	b5384ca3193b94a473e6d1995235677ce66efa4b (patch)
tree	39bccb76a8c349d90e6c77ed91c2bb9973cd7250 /src
parent	a2abdae1179414204035003451b5a10746b46d75 (diff)