authorJeff Kent <jeff@jkent.net>2015-03-20 19:24:07 -0500
committerTim Angus <tim@ngus.net>2016-04-07 11:02:28 +0100
commitfb3b786df5159b7a2a67dda8c51cd48a78801d50 (patch)
treed14b3ba0195ad469256346d41a884e65eb77c21c /src
parenta6e2daaf0a8b670df9f5ea7daf1d88c60ccf5c1a (diff)
fix buffer overflow in CL_CheckForResend
Diffstat (limited to 'src')
-rw-r--r--src/client/cl_main.c19
1 files changed, 4 insertions, 15 deletions
diff --git a/src/client/cl_main.c b/src/client/cl_main.c
index 5b3f6028..77df2e01 100644
--- a/src/client/cl_main.c
+++ b/src/client/cl_main.c
@@ -2356,9 +2356,9 @@ Resend a connect message if the last one has timed out
=================
*/
void CL_CheckForResend( void ) {
- int port, i;
+ int port;
char info[MAX_INFO_STRING];
- char data[MAX_INFO_STRING];
+ char data[MAX_INFO_STRING + 10];
// don't send anything if playing back a demo
if ( clc.demoplaying ) {
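Review bot: The `+ 10` in the new `data` declaration is an unexplained magic number whose correctness depends on the format string used further down in the function. It works out exactly: 9 bytes for `connect "`, 1 for the closing quote, and the terminator fits because `info` is declared as `char info[MAX_INFO_STRING]` and so holds at most `MAX_INFO_STRING - 1` characters. I would record that at the declaration, e.g. `char data[MAX_INFO_STRING + 10]; // 9 for the connect prefix and opening quote, 1 for the closing quote`, so that a later change to the prefix does not silently reintroduce the overflow or a truncation. The body of CL_CheckForResend continues outside this hunk.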
@@ -2399,19 +2399,8 @@ void CL_CheckForResend( void ) {
Info_SetValueForKey( info, "qport", va("%i", port ) );
Info_SetValueForKey( info, "challenge", va("%i", clc.challenge ) );
- strcpy(data, "connect ");
- // TTimo adding " " around the userinfo string to avoid truncated userinfo on the server
- // (Com_TokenizeString tokenizes around spaces)
- data[8] = '"';
-
- for(i=0;i<strlen(info);i++) {
- data[9+i] = info[i]; // + (clc.challenge)&0x3;
- }
- data[9+i] = '"';
- data[10+i] = 0;
-
- // NOTE TTimo don't forget to set the right data length!
- NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) &data[0], i+10 );
+ Com_sprintf( data, sizeof(data), "connect \"%s\"", info );
+ NET_OutOfBandData( NS_CLIENT, clc.serverAddress, (byte *) data, strlen ( data ) );
// the most current userinfo has been sent, so watch for any
// newer changes to userinfo variables
cvar_modifiedFlags &= ~CVAR_USERINFO;
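Review bot: The rationale for quoting the userinfo was deleted together with the copy loop, so the escaped quotes in the `Com_sprintf` format are now unexplained. I would keep it above the call, e.g. `// quote the userinfo so the server's Com_TokenizeString does not split it at spaces`. The packet length now comes from `strlen ( data )`. If `Com_sprintf` ever truncated (presumably it bounds the write to `sizeof(data)`), the packet would go out without its closing quote and nothing here would catch it. That cannot happen with the current sizing of `data`, but a short comment tying the two together would help the next reader.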