From: <z-...@us...> - 2011-07-22 10:50:49
|
Revision: 9609 http://armagetronad.svn.sourceforge.net/armagetronad/?rev=9609&view=rev Author: z-man Date: 2011-07-22 10:50:43 +0000 (Fri, 22 Jul 2011) Log Message: ----------- Merging security fix: Manuel Moos 2011-03-30 Fixing lenleft checks to avoid reading beyond the end of the message. Modified Paths: -------------- armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp Property Changed: ---------------- armagetronad/branches/0.2.8.3/ armagetronad/branches/0.2.8.3/build/ Property changes on: armagetronad/branches/0.2.8.3 ___________________________________________________________________ Modified: svn:mergeinfo - /armagetronad/branches/0.2.8:9309,9314-9316,9320-9322,9326,9332,9338,9348,9353,9365,9537-9538,9590,9593 + /armagetronad/branches/0.2.8:9309,9314-9316,9320-9322,9326,9332,9338,9348,9353,9365,9537-9538,9590,9593,9598 Modified: armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp =================================================================== --- armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp 2011-07-22 10:47:05 UTC (rev 9608) +++ armagetronad/branches/0.2.8.3/armagetronad/src/network/nNetwork.cpp 2011-07-22 10:50:43 UTC (rev 9609) @@ -936,7 +936,7 @@ tRecorderSync< unsigned short >::Archive( "_MESSAGE_DECL_IN", 3, descriptor ); unsigned short len=ntohs(*(buffer++)); - lenLeft--; + lenLeft-=3; if ( len > lenLeft ) { len = lenLeft; @@ -2372,7 +2372,7 @@ try { #endif - while( lenleft > 0 ){ + while( lenleft >= 3 ){ tJUST_CONTROLLED_PTR< nMessage > pmess; pmess = tNEW( nMessage )(b,id,lenleft); nMessage& mess = *pmess; @@ -2488,7 +2488,7 @@ catch(nKillHim) { - con << "nKillHim signal caught.\n"; + con << "nKillHim signal caught: "; sn_DisconnectUser(peer, "$network_kill_error"); } #endif @@ -2521,7 +2521,7 @@ catch(nKillHim const &) { - con << "nKillHim signal caught.\n"; + con << "nKillHim signal caught: "; sn_DisconnectUser(peer, "$network_kill_error"); } #endif Property changes on: armagetronad/branches/0.2.8.3/build ___________________________________________________________________ Modified: svn:mergeinfo - /armagetronad/branches/0.2.8/build:9309-9354,9365,9537-9538,9590,9593 + /armagetronad/branches/0.2.8/build:9309-9354,9365,9537-9538,9590,9593,9598 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |