Fix critical buffer overflow in cgame, see exploit at http://www.milw0rm.com/exploits/1977

git-svn-id: svn://svn.icculus.org/quake3/trunk@813 edf5b092-35ff-0310-97b2-ce42778d08ea
author: thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> 2006-07-06 00:37:56 +0000
committer: thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> 2006-07-06 00:37:56 +0000
commit: 658781be5433d156c128f26bb31a59e75abd0c65 (patch)
tree: e18e971369f4184c99fa84cc84039a2d8c534b1c /code/cgame
parent: 87c1e45342de332c2564eb76b420736667b929c9 (diff)
download: ioquake3-aero-658781be5433d156c128f26bb31a59e75abd0c65.tar.gz
ioquake3-aero-658781be5433d156c128f26bb31a59e75abd0c65.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/code/cgame/cg_main.c b/code/cgame/cg_main.c
index bfb111c..8d88726 100644
--- a/code/cgame/cg_main.c
+++ b/code/cgame/cg_main.c
@@ -703,7 +703,7 @@ static void CG_RegisterSounds( void ) {
 	}
 
 	// only register the items that the server says we need
-	strcpy( items, CG_ConfigString( CS_ITEMS ) );
+	Q_strncpyz(items, CG_ConfigString(CS_ITEMS), sizeof(items));
 
 	for ( i = 1 ; i < bg_numItems ; i++ ) {
 //		if ( items[ i ] == '1' || cg_buildScript.integer ) {
@@ -1016,7 +1016,7 @@ static void CG_RegisterGraphics( void ) {
 	memset( cg_weapons, 0, sizeof( cg_weapons ) );
 
 	// only register the items that the server says we need
-	strcpy( items, CG_ConfigString( CS_ITEMS) );
+	Q_strncpyz(items, CG_ConfigString(CS_ITEMS), sizeof(items));
 
 	for ( i = 1 ; i < bg_numItems ; i++ ) {
 		if ( items[ i ] == '1' || cg_buildScript.integer ) {
author	thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea>	2006-07-06 00:37:56 +0000
committer	thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea>	2006-07-06 00:37:56 +0000
commit	658781be5433d156c128f26bb31a59e75abd0c65 (patch)
tree	e18e971369f4184c99fa84cc84039a2d8c534b1c /code/cgame
parent	87c1e45342de332c2564eb76b420736667b929c9 (diff)
download	ioquake3-aero-658781be5433d156c128f26bb31a59e75abd0c65.tar.gz ioquake3-aero-658781be5433d156c128f26bb31a59e75abd0c65.zip