projects
/
quakecontrol.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
cb56250
)
fix loadmap: prevent stack/heap overlap based exploits
author
Jann Horn
<jannhorn@googlemail.com>
Sun, 4 May 2014 18:35:00 +0000
(20:35 +0200)
committer
Jann Horn
<jannhorn@googlemail.com>
Sun, 4 May 2014 18:35:00 +0000
(20:35 +0200)
loadmap.c
patch
|
blob
|
history
diff --git
a/loadmap.c
b/loadmap.c
index
bc6eb9b
..
d060a34
100644
(file)
--- a/
loadmap.c
+++ b/
loadmap.c
@@
-7,6
+7,7
@@
char *map;
void check_map_name(void) {
if (map == NULL) senderr("missing query string", false);
void check_map_name(void) {
if (map == NULL) senderr("missing query string", false);
+ if (strlen(map) > 100) senderr("map string is too long - no stack/heap overlap issue for you!", false);
for (char *p = map; *p; p++) {
if (*p >= 'a' && *p <= 'z') continue;
if (*p >= 'A' && *p <= 'Z') continue;
for (char *p = map; *p; p++) {
if (*p >= 'a' && *p <= 'z') continue;
if (*p >= 'A' && *p <= 'Z') continue;
@@
-29,4
+30,4
@@
int main(void) {
"\nX-Frame-Options: DENY"
"\n");
exit(0);
"\nX-Frame-Options: DENY"
"\n");
exit(0);
-}
\ No newline at end of file
+}