From: Jann Horn <jannhorn@googlemail.com>
Date: Sun, 4 May 2014 18:35:00 +0000 (+0200)
Subject: fix loadmap: prevent stack/heap overlap based exploits
X-Git-Url: http://git.thejh.net/?p=quakecontrol.git;a=commitdiff_plain;h=e0bb37a7fca22a9d6339f5afc5ddafc153cd99d6

fix loadmap: prevent stack/heap overlap based exploits
---

diff --git a/loadmap.c b/loadmap.c
index bc6eb9b..d060a34 100644
--- a/loadmap.c
+++ b/loadmap.c
@@ -7,6 +7,7 @@ char *map;
 
 void check_map_name(void) {
   if (map == NULL) senderr("missing query string", false);
+  if (strlen(map) > 100) senderr("map string is too long - no stack/heap overlap issue for you!", false);
   for (char *p = map; *p; p++) {
     if (*p >= 'a' && *p <= 'z') continue;
     if (*p >= 'A' && *p <= 'Z') continue;
@@ -29,4 +30,4 @@ int main(void) {
      "\nX-Frame-Options: DENY"
      "\n");
   exit(0);
-}
\ No newline at end of file
+}