CBasePlayer::PackDeadPlayerItems can cause buffer overflow when custom gamerules are used #3030

Open
SamVanheer opened this issue Feb 1, 2021 · 0 comments

The method CBasePlayer::PackDeadPlayerItems can cause a buffer overflow if a custom gamerules object is used that returns the rule GR_PLR_DROP_GUN_ALL from CGameRules::DeadPlayerWeapons.

The line in question is this one:

```cpp
CBasePlayerWeapon *rgpPackWeapons[ 20 ];// 20 hardcoded for now. How to determine exactly how many weapons we have?
```

If the player has more than 20 weapons this will overwrite whatever is on the stack after that array.

The simplest fix is to use the constant MAX_WEAPONS instead of 20:

```cpp
#define MAX_WEAPONS 32 // ???
```

This doesn't affect vanilla Half-Life or Opposing Force, but to prevent mods from introducing such a vulnerability the SDK should definitely be updated.
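
An added example, not part of the original issue or the SDK: a simplified C++ model of packing a dead player's weapons into a fixed array, sized with `MAX_WEAPONS` and guarded so it stops rather than writing past the end. The `Weapon` type, `kSlots`, `CollectWeapons` and `PackDemo` are hypothetical stand-ins; only `MAX_WEAPONS` and the sizes 20 and 32 come from the issue.

```cpp
#include <cstddef>
#include <cstdio>
#define MAX_WEAPONS 32      // value quoted in the issue
constexpr int kSlots = 6;   // assumed number of inventory slots (not from the issue)

// Simplified stand-in for a weapon in a per-slot linked list (hypothetical type).
struct Weapon { int id; Weapon* next; };

// Collects up to `capacity` weapons into `out` and returns the number stored.
// `*truncated` is set when the inventory holds more weapons than fit.
std::size_t CollectWeapons(Weapon* const slots[kSlots], Weapon* out[],
                           std::size_t capacity, bool* truncated) {
    std::size_t count = 0;
    *truncated = false;
    for (int i = 0; i < kSlots; ++i) {
        for (Weapon* w = slots[i]; w != nullptr; w = w->next) {
            if (count == capacity) {   // stop instead of writing past the end
                *truncated = true;
                return count;
            }
            out[count++] = w;
        }
    }
    return count;
}

// Builds a constructed inventory of `n` weapons spread over the slots and
// packs it into an array of `capacity` entries, as a drop-all rule would.
std::size_t PackDemo(int n, std::size_t capacity, bool* truncated) {
    static Weapon pool[64];                 // constructed sample data
    Weapon* slots[kSlots] = {};
    for (int i = 0; i < n && i < 64; ++i) {
        pool[i] = Weapon{i, slots[i % kSlots]};
        slots[i % kSlots] = &pool[i];
    }
    Weapon* packed[MAX_WEAPONS] = {};       // sized by the constant, not by 20
    if (capacity > MAX_WEAPONS) capacity = MAX_WEAPONS;
    return CollectWeapons(slots, packed, capacity, truncated);
}

int main() {
    bool cut = false;
    std::size_t n = PackDemo(25, 20, &cut);
    std::printf("capacity 20: stored %zu, truncated=%d\n", n, cut);
    n = PackDemo(25, MAX_WEAPONS, &cut);
    std::printf("capacity MAX_WEAPONS: stored %zu, truncated=%d\n", n, cut);
}
```

With 25 constructed weapons, a capacity of 20 stores 20 and reports truncation, while `MAX_WEAPONS` holds all 25; the explicit capacity check keeps the write in bounds even if a mod raises the weapon count past the constant.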
