diff options
| author | thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2006-05-06 01:56:24 +0000 |
|---|---|---|
| committer | thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2006-05-06 01:56:24 +0000 |
| commit | a679ae64e0a659e2b94ec97e688633bc1a0d041e (patch) | |
| tree | 5d3fe1a56ea961fb5618cfda1fbd6d0072f44a4a /code/client | |
| parent | 29ce2df227e4c556707ae482d4391c7eb700121d (diff) | |
| download | ioquake3-aero-a679ae64e0a659e2b94ec97e688633bc1a0d041e.tar.gz ioquake3-aero-a679ae64e0a659e2b94ec97e688633bc1a0d041e.zip | |
Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here:
http://milw0rm.com/exploits/1750
git-svn-id: svn://svn.icculus.org/quake3/trunk@765 edf5b092-35ff-0310-97b2-ce42778d08ea
Diffstat (limited to 'code/client')
| -rw-r--r-- | code/client/cl_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/code/client/cl_main.c b/code/client/cl_main.c index 7b207e5..9a1bcf6 100644 --- a/code/client/cl_main.c +++ b/code/client/cl_main.c @@ -2066,7 +2066,7 @@ void CL_Frame ( int msec ) { } Q_strncpyz( mapName, COM_SkipPath( cl.mapname ), sizeof( cl.mapname ) ); - COM_StripExtension( mapName, mapName ); + COM_StripExtension(mapName, mapName, sizeof(mapName)); Cbuf_ExecuteText( EXEC_NOW, va( "record %s-%s-%s", nowString, serverName, mapName ) ); |