From b5384ca3193b94a473e6d1995235677ce66efa4b Mon Sep 17 00:00:00 2001
From: Ben Millwood <thebenmachine@gmail.com>
Date: Sat, 3 Oct 2009 12:02:46 +0000
Subject:  * Range-check array indices in CG_ParseTeamInfo (Roman "kevlarman"
 Tetelman)  * Don't send tinfo servercommands by default

---
 src/cgame/cg_servercmds.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src')

diff --git a/src/cgame/cg_servercmds.c b/src/cgame/cg_servercmds.c
index 115c4ccf..e9de4646 100644
--- a/src/cgame/cg_servercmds.c
+++ b/src/cgame/cg_servercmds.c
@@ -82,10 +82,21 @@ static void CG_ParseTeamInfo( void )
   int   client;
 
   numSortedTeamPlayers = atoi( CG_Argv( 1 ) );
+  if( numSortedTeamPlayers < 0 || numSortedTeamPlayers > TEAM_MAXOVERLAY )
+  {
+    CG_Error( "CG_ParseTeamInfo: numSortedTeamPlayers out of range (%d)",
+      numSortedTeamPlayers );
+    return;
+  }
 
   for( i = 0; i < numSortedTeamPlayers; i++ )
   {
     client = atoi( CG_Argv( i * 5 + 2 ) );
+    if( client < 0 || client >= MAX_CLIENTS )
+    {
+      CG_Error( "CG_ParseTeamInfo: bad client number: %d", client );
+      return;
+    }
 
     sortedTeamPlayers[ i ] = client;
 
-- 
cgit