From 2f682351d531716339f67214764688a8eed1edec Mon Sep 17 00:00:00 2001 From: havoc Date: Mon, 17 Jul 2006 23:19:46 +0000 Subject: [PATCH] fix a buffer overflow bug in InfoString_SetValue (thanks div0!), and increase userinfo and serverinfo strings to 1280 bytes each (from 196 and 512 respectively) git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@6512 d7cf8633-e32d-0410-b094-e92efae38249 --- common.c | 2 +- quakedef.h | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/common.c b/common.c index a510c060..fe84a1dd 100644 --- a/common.c +++ b/common.c @@ -1395,7 +1395,7 @@ void InfoString_SetValue(char *buffer, size_t bufferlength, const char *key, con for (pos2++;buffer[pos2] && buffer[pos2] != '\\';pos2++); for (pos2++;buffer[pos2] && buffer[pos2] != '\\';pos2++); } - if (bufferlength <= 1 + strlen(key) + 1 + strlen(value) + strlen(buffer + pos2)) + if (bufferlength <= pos + 1 + strlen(key) + 1 + strlen(value) + strlen(buffer + pos2)) { Con_Printf("InfoString_SetValue: no room for \"%s\" \"%s\" in infostring\n", key, value); return; diff --git a/quakedef.h b/quakedef.h index b6faccba..67591407 100644 --- a/quakedef.h +++ b/quakedef.h @@ -184,8 +184,10 @@ extern char engineversion[128]; // LordHavoc: increased name limit from 32 to 64 characters #define MAX_SCOREBOARDNAME 64 // infostring sizes used by QuakeWorld support -#define MAX_USERINFO_STRING 196 -#define MAX_SERVERINFO_STRING 512 +// was 196 +#define MAX_USERINFO_STRING 1280 +// was 512 +#define MAX_SERVERINFO_STRING 1280 #define MAX_LOCALINFO_STRING 32768 #include "zone.h" -- 2.39.2