diff options
author | Jeff Kent <jeff@jkent.net> | 2015-03-20 19:24:07 -0500 |
---|---|---|
committer | Tim Angus <tim@ngus.net> | 2016-04-07 11:02:28 +0100 |
commit | fb3b786df5159b7a2a67dda8c51cd48a78801d50 (patch) | |
tree | d14b3ba0195ad469256346d41a884e65eb77c21c /src | |
parent | a6e2daaf0a8b670df9f5ea7daf1d88c60ccf5c1a (diff) |
fix buffer overflow in CL_CheckForResend
Diffstat (limited to 'src')
-rw-r--r-- | src/client/cl_main.c | 19 |
1 files changed, 4 insertions, 15 deletions
diff --git a/src/client/cl_main.c b/src/client/cl_main.c index 5b3f6028..77df2e01 100644 --- a/src/client/cl_main.c +++ b/src/client/cl_main.c @@ -2356,9 +2356,9 @@ Resend a connect message if the last one has timed out ================= */ void CL_CheckForResend( void ) { - int port, i; + int port; char info[MAX_INFO_STRING]; - char data[MAX_INFO_STRING]; + char data[MAX_INFO_STRING + 10]; // don't send anything if playing back a demo if ( clc.demoplaying ) { @@ -2399,19 +2399,8 @@ void CL_CheckForResend( void ) { Info_SetValueForKey( info, "qport", va("%i", port ) ); Info_SetValueForKey( info, "challenge", va("%i", clc.challenge ) ); - strcpy(data, "connect "); - // TTimo adding " " around the userinfo string to avoid truncated userinfo on the server - // (Com_TokenizeString tokenizes around spaces) - data[8] = '"'; - - for(i=0;i<strlen(info);i++) { - data[9+i] = info[i]; // + (clc.challenge)&0x3; - } - data[9+i] = '"'; - data[10+i] = 0; - - // NOTE TTimo don't forget to set the right data length! - NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) &data[0], i+10 ); + Com_sprintf( data, sizeof(data), "connect \"%s\"", info ); + NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) data, strlen ( data ) ); // the most current userinfo has been sent, so watch for any // newer changes to userinfo variables cvar_modifiedFlags &= ~CVAR_USERINFO; |