From a679ae64e0a659e2b94ec97e688633bc1a0d041e Mon Sep 17 00:00:00 2001 From: thilo Date: Sat, 6 May 2006 01:56:24 +0000 Subject: Add string length checking to function COM_StripExtension. This fixes the R_RemapShader buffer overflow exploit that can be found here: http://milw0rm.com/exploits/1750 git-svn-id: svn://svn.icculus.org/quake3/trunk@765 edf5b092-35ff-0310-97b2-ce42778d08ea --- code/cgame/cg_weapons.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'code/cgame') diff --git a/code/cgame/cg_weapons.c b/code/cgame/cg_weapons.c index d15de2d..49e2697 100644 --- a/code/cgame/cg_weapons.c +++ b/code/cgame/cg_weapons.c @@ -656,17 +656,17 @@ void CG_RegisterWeapon( int weaponNum ) { } strcpy( path, item->world_model[0] ); - COM_StripExtension( path, path ); + COM_StripExtension(path, path, sizeof(path)); strcat( path, "_flash.md3" ); weaponInfo->flashModel = trap_R_RegisterModel( path ); strcpy( path, item->world_model[0] ); - COM_StripExtension( path, path ); + COM_StripExtension(path, path, sizeof(path)); strcat( path, "_barrel.md3" ); weaponInfo->barrelModel = trap_R_RegisterModel( path ); strcpy( path, item->world_model[0] ); - COM_StripExtension( path, path ); + COM_StripExtension(path, path, sizeof(path)); strcat( path, "_hand.md3" ); weaponInfo->handsModel = trap_R_RegisterModel( path ); -- cgit v1.2.3