added some checks to snap handling

oy committed Nov 4, 2016
1 parent 3e1d022 commit ff254722a2683867fcb3e67569ffd36226c4bc62
Showing with 3 additions and 2 deletions.
  1. +1 −1 src/engine/client/client.cpp
  2. +2 −1 src/engine/shared/snapshot.h
@@ -1239,7 +1239,7 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket)
pData = (const char *)Unpacker.GetRaw(PartSize);
if(Unpacker.Error())
if(Unpacker.Error() || NumParts < 1 || NumParts > CSnapshot::MAX_PARTS || Part < 0 | Part >= NumParts || PartSize < 0 || PartSize > MAX_SNAPSHOT_PACKSIZE)

akien-mga Nov 19, 2016

Is this meant to be a bitwise OR in Part < 0 | Part >= NumParts, or is that a typo?
See http://openwall.com/lists/oss-security/2016/11/17/8

heinrich5991 Nov 19, 2016

Contributor

It's a typo. We noticed it because some compiler started throwing warnings, but since | achieves the same effect as || we decided not to fix it for the release.

akien-mga Nov 19, 2016

Might still be worth putting a fix in the git branch for a future release :)

heinrich5991 Nov 19, 2016

Contributor

Someone will eventually do it because the warning is annoying.

return;
if(GameTick >= m_CurrentRecvTick)
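
Review bot: In the new condition, `Part < 0 | Part >= NumParts` uses bitwise `|` where every other term is joined with `||`. Both operands are comparison results, so the truth value is the same, but it loses short-circuiting and draws the compiler warning mentioned in the thread; change it to `Part < 0 || Part >= NumParts`. Separately, PartSize is range-checked only after it has already been passed to `Unpacker.GetRaw(PartSize)` on the context line above, so a negative or oversized value reaches GetRaw before this check runs. Either validate PartSize before the call or add a comment stating that GetRaw is relied on to reject such values and set `Unpacker.Error()`.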
@@ -31,7 +31,8 @@ class CSnapshot
public:
enum
{
MAX_SIZE=64*1024
MAX_PARTS = 64,
MAX_SIZE = MAX_PARTS*1024
};
void Clear() { m_DataSize = 0; m_NumItems = 0; }
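
Review bot: The literal 1024 in `MAX_SIZE = MAX_PARTS*1024` is undocumented, while the new check in client.cpp bounds PartSize by MAX_SNAPSHOT_PACKSIZE rather than by this value. If 1024 is meant to be the per-part size, derive MAX_SIZE from the same constant, or add a comment or compile-time assertion tying the two together, so that NumParts parts of maximum PartSize cannot exceed MAX_SIZE if either value is changed later.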
