aboutsummaryrefslogtreecommitdiffstats
path: root/code
diff options
context:
space:
mode:
authorludwig <ludwig@edf5b092-35ff-0310-97b2-ce42778d08ea>2009-01-13 07:57:03 +0000
committerludwig <ludwig@edf5b092-35ff-0310-97b2-ce42778d08ea>2009-01-13 07:57:03 +0000
commitf95b5a79bdcbe7820b308b5f000809701ac20013 (patch)
tree764e82e14cf501bdba8d6ecc2598cffad3edfe12 /code
parent6dcadaa7f72c131af2c5469b751b0f023958e25a (diff)
downloadioquake3-aero-f95b5a79bdcbe7820b308b5f000809701ac20013.tar.gz
ioquake3-aero-f95b5a79bdcbe7820b308b5f000809701ac20013.zip
fix overflow in CG_ParseTeamInfo
based on patch for Tremulous, thanks to Roman Tetelman git-svn-id: svn://svn.icculus.org/quake3/trunk@1492 edf5b092-35ff-0310-97b2-ce42778d08ea
Diffstat (limited to 'code')
-rw-r--r--code/cgame/cg_servercmds.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/code/cgame/cg_servercmds.c b/code/cgame/cg_servercmds.c
index 185a068..7761646 100644
--- a/code/cgame/cg_servercmds.c
+++ b/code/cgame/cg_servercmds.c
@@ -118,9 +118,20 @@ static void CG_ParseTeamInfo( void ) {
int client;
numSortedTeamPlayers = atoi( CG_Argv( 1 ) );
+ if( numSortedTeamPlayers < 0 || numSortedTeamPlayers > TEAM_MAXOVERLAY )
+ {
+ CG_Error( "CG_ParseTeamInfo: numSortedTeamPlayers out of range (%d)",
+ numSortedTeamPlayers );
+ return;
+ }
for ( i = 0 ; i < numSortedTeamPlayers ; i++ ) {
client = atoi( CG_Argv( i * 6 + 2 ) );
+ if( client < 0 || client >= MAX_CLIENTS )
+ {
+ CG_Error( "CG_ParseTeamInfo: bad client number: %d", client );
+ return;
+ }
sortedTeamPlayers[i] = client;