added some checks to snap handling
oy committed Nov 4, 2016
1 parent 3e1d022 commit ff25472
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/engine/client/client.cpp
Expand Up @@ -1239,7 +1239,7 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket)

pData = (const char *)Unpacker.GetRaw(PartSize);

if(Unpacker.Error())
if(Unpacker.Error() || NumParts < 1 || NumParts > CSnapshot::MAX_PARTS || Part < 0 | Part >= NumParts || PartSize < 0 || PartSize > MAX_SNAPSHOT_PACKSIZE)

akien-mga Nov 19, 2016

Is this meant to be a bitwise OR in Part < 0 | Part >= NumParts, or is that a typo?
See http://openwall.com/lists/oss-security/2016/11/17/8

heinrich5991 Nov 19, 2016

Contributor

It's a typo. We noticed it because some compiler started throwing warnings, but since | achieves the same effect as || we decided not to fix it for the release.

akien-mga Nov 19, 2016

Might still be worth putting a fix in the git branch for a future release :)

heinrich5991 Nov 19, 2016

Contributor

Someone will eventually do it because the warning is annoying.

return;

if(GameTick >= m_CurrentRecvTick)
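
Review bot: In the added condition, `Part < 0 | Part >= NumParts` uses the bitwise `|` where every other clause uses `||`. Because the relational operators bind tighter than `|`, it evaluates as `(Part < 0) | (Part >= NumParts)` and yields the same truth value, but it drops short-circuiting and draws compiler warnings; change it to `Part < 0 || Part >= NumParts`. Separately, the `PartSize` bounds are tested only after `Unpacker.GetRaw(PartSize)` has already been called with the unvalidated value. Whether `GetRaw` rejects a negative or oversized length is not visible in this hunk, so consider validating `PartSize` before that call.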
3 changes: 2 additions & 1 deletion src/engine/shared/snapshot.h
Expand Up @@ -31,7 +31,8 @@ class CSnapshot
public:
enum
{
MAX_SIZE=64*1024
MAX_PARTS = 64,
MAX_SIZE = MAX_PARTS*1024
};

void Clear() { m_DataSize = 0; m_NumItems = 0; }
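
Review bot: `MAX_SIZE = MAX_PARTS*1024` leaves the per-part factor `1024` as an undocumented magic number, while the check in `client.cpp` bounds `PartSize` with `MAX_SNAPSHOT_PACKSIZE`. The resulting value is unchanged from `64*1024`, so add a comment stating what the `1024` represents and how it relates to `MAX_SNAPSHOT_PACKSIZE`, or derive `MAX_SIZE` from that constant so the two limits cannot drift apart.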