savegames: bounds-check some string lengths to prevent buffer overflow #881

Merged
merged 1 commit into from Oct 28, 2016

smcv
Contributor

@smcv smcv commented Oct 28, 2016

If a user loads a malicious saved game (perhaps posted on a forum or something), we don't want it to overflow or underflow the buffer.

@ensiform ensiform merged commit 0808ae8 into JACoders:master Oct 28, 2016
smcv added a commit to smcv/OpenJK that referenced this pull request Jan 21, 2017
m_byBuffer is a pointer to a fixed amount of dynamically allocated
memory, not a statically allocated buffer, so sizeof() is the wrong
tool here. Use the actual size of the buffer instead.

Also, reading the full size of the buffer is fine, because we aren't
going to append '\0' afterwards like we do in the other places
touched by JACoders#881, so use > instead of >=.

Fixes JACoders#902

Signed-off-by: Simon McVittie <smcv@debian.org>
eternalcodes pushed a commit to eternalcodes/EternalJK that referenced this pull request Aug 21, 2018
savegames: bounds-check some string lengths to prevent buffer overflow
Former-commit-id: 60d9182
eternalcodes pushed a commit to eternalcodes/EternalJK that referenced this pull request Aug 21, 2018
m_byBuffer is a pointer to a fixed amount of dynamically allocated
memory, not a statically allocated buffer, so sizeof() is the wrong
tool here. Use the actual size of the buffer instead.

Also, reading the full size of the buffer is fine, because we aren't
going to append '\0' afterwards like we do in the other places
touched by JACoders#881, so use > instead of >=.

Fixes JACoders#902

Signed-off-by: Simon McVittie <smcv@debian.org>

Former-commit-id: fbf0dd0
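
The distinction drawn in the commit messages above (`sizeof()` on a pointer versus the buffer's real size, and `>=` versus `>` depending on whether `'\0'` is appended afterwards), shown as an added example that is not code from OpenJK or from this pull request. The chunk layout and the names `chunk_len`, `load_string`, `load_blob` and `demo` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout (an assumption, not OpenJK's real format):
 * 4-byte little-endian signed length, then that many payload bytes. */
static int chunk_len(const uint8_t *c, size_t avail, size_t *len) {
    if (avail < 4) return -1;
    uint32_t raw = c[0] | c[1] << 8 | c[2] << 16 | (uint32_t)c[3] << 24;
    /* Reject a negative length, or one longer than the data actually present. */
    if (raw > (uint32_t)INT32_MAX || raw > avail - 4) return -1;
    *len = raw;
    return 0;
}

/* String case: '\0' is appended, so len + 1 bytes are written: reject len >= dst_size. */
int load_string(const uint8_t *c, size_t avail, char *dst, size_t dst_size) {
    size_t len;
    if (chunk_len(c, avail, &len) != 0 || len >= dst_size) return -1;
    memcpy(dst, c + 4, len);
    dst[len] = '\0';
    return 0;
}

/* Raw case: no terminator, so filling dst exactly is fine: reject only len > dst_size.
 * dst is a pointer, so sizeof(dst) is the pointer size; the caller passes the real size. */
int load_blob(const uint8_t *c, size_t avail, uint8_t *dst, size_t dst_size) {
    size_t len;
    if (chunk_len(c, avail, &len) != 0 || len > dst_size) return -1;
    memcpy(dst, c + 4, len);
    return 0;
}

/* Runs both loaders on constructed chunks; returns 0 if each behaves as described. */
int demo(void) {
    const uint8_t fits[] = {3, 0, 0, 0, 'a', 'b', 'c'};
    const uint8_t full[] = {4, 0, 0, 0, 'a', 'b', 'c', 'd'};
    const uint8_t neg[]  = {0xff, 0xff, 0xff, 0xff, 'a'};
    char name[4];
    uint8_t *heap = malloc(4);
    if (!heap) return -1;
    int ok = load_string(fits, sizeof fits, name, sizeof name) == 0 && strcmp(name, "abc") == 0
          && load_string(full, sizeof full, name, sizeof name) == -1  /* no room for '\0' */
          && load_blob(full, sizeof full, heap, 4) == 0 && memcmp(heap, "abcd", 4) == 0
          && load_blob(neg, sizeof neg, heap, 4) == -1;
    free(heap);
    return ok ? 0 : -1;
}

int main(void) { return demo(); }
```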