From 658781be5433d156c128f26bb31a59e75abd0c65 Mon Sep 17 00:00:00 2001
From: thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea>
Date: Thu, 6 Jul 2006 00:37:56 +0000
Subject: Fix critical buffer overflow in cgame, see exploit at
 http://www.milw0rm.com/exploits/1977

git-svn-id: svn://svn.icculus.org/quake3/trunk@813 edf5b092-35ff-0310-97b2-ce42778d08ea
---
 code/cgame/cg_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'code/cgame')

diff --git a/code/cgame/cg_main.c b/code/cgame/cg_main.c
index bfb111c..8d88726 100644
--- a/code/cgame/cg_main.c
+++ b/code/cgame/cg_main.c
@@ -703,7 +703,7 @@ static void CG_RegisterSounds( void ) {
 	}
 
 	// only register the items that the server says we need
-	strcpy( items, CG_ConfigString( CS_ITEMS ) );
+	Q_strncpyz(items, CG_ConfigString(CS_ITEMS), sizeof(items));
 
 	for ( i = 1 ; i < bg_numItems ; i++ ) {
 //		if ( items[ i ] == '1' || cg_buildScript.integer ) {
@@ -1016,7 +1016,7 @@ static void CG_RegisterGraphics( void ) {
 	memset( cg_weapons, 0, sizeof( cg_weapons ) );
 
 	// only register the items that the server says we need
-	strcpy( items, CG_ConfigString( CS_ITEMS) );
+	Q_strncpyz(items, CG_ConfigString(CS_ITEMS), sizeof(items));
 
 	for ( i = 1 ; i < bg_numItems ; i++ ) {
 		if ( items[ i ] == '1' || cg_buildScript.integer ) {
-- 
cgit v1.2.3