rpms/vavoom/F-7 vavoom-1.24-CVE-2007-4533-5.patch,NONE,1.1
Hans de Goede (jwrdegoede)
fedora-extras-commits at redhat.com
Fri Aug 31 18:49:10 UTC 2007
Author: jwrdegoede
Update of /cvs/extras/rpms/vavoom/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2324
Added Files:
vavoom-1.24-CVE-2007-4533-5.patch
Log Message:
* Fri Aug 31 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.24-3
- Fix some security issues in the server: CVE-2007-4533, CVE-2007-4534,
CVE-2007-4535 (bz 256621)
vavoom-1.24-CVE-2007-4533-5.patch:
--- NEW FILE vavoom-1.24-CVE-2007-4533-5.patch ---
--- trunk/vavoom/source/p_acs.cpp 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/p_acs.cpp 2007/08/31 16:30:40 2685
@@ -2486,7 +2486,7 @@
}
else
{
- BroadcastCentrePrintf(*PrintStr);
+ BroadcastCentrePrint(*PrintStr);
}
ACSVM_BREAK;
@@ -2649,7 +2649,7 @@
ACSVM_CASE(PCD_EndPrintBold)
//FIXME yellow message
PrintStr = PrintStr.EvalEscapeSequences();
- BroadcastCentrePrintf(*PrintStr);
+ BroadcastCentrePrint(*PrintStr);
ACSVM_BREAK;
// Extended P-Code commands.
@@ -2974,7 +2974,7 @@
}
else
{
- BroadcastCentrePrintf(*PrintStr);
+ BroadcastCentrePrint(*PrintStr);
}
sp = optstart - 6;
ACSVM_BREAK;
--- trunk/vavoom/source/p_thinker.cpp 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/p_thinker.cpp 2007/08/31 16:30:40 2685
@@ -294,6 +294,21 @@
//==========================================================================
//
+// VThinker::BroadcastPrint
+//
+//==========================================================================
+
+void VThinker::BroadcastPrint(const char *s)
+{
+ guard(VThinker::BroadcastPrint);
+ for (int i = 0; i < svs.max_clients; i++)
+ if (Level->Game->Players[i])
+ Level->Game->Players[i]->eventClientPrint(s);
+ unguard;
+}
+
+//==========================================================================
+//
// VThinker::BroadcastPrintf
//
//==========================================================================
@@ -308,9 +323,22 @@
vsprintf(buf, s, v);
va_end(v);
+ BroadcastPrint(buf);
+ unguard;
+}
+
+//==========================================================================
+//
+// VThinker::BroadcastCentrePrint
+//
+//==========================================================================
+
+void VThinker::BroadcastCentrePrint(const char *s)
+{
+ guard(VThinker::BroadcastCentrePrint);
for (int i = 0; i < svs.max_clients; i++)
if (Level->Game->Players[i])
- Level->Game->Players[i]->eventClientPrint(buf);
+ Level->Game->Players[i]->eventClientCentrePrint(s);
unguard;
}
@@ -330,9 +358,7 @@
vsprintf(buf, s, v);
va_end(v);
- for (int i = 0; i < svs.max_clients; i++)
- if (Level->Game->Players[i])
- Level->Game->Players[i]->eventClientCentrePrint(buf);
+ BroadcastCentrePrint(buf);
unguard;
}
@@ -444,7 +470,7 @@
{
VStr Msg = PF_FormatString();
P_GET_SELF;
- Self->BroadcastPrintf(*Msg);
+ Self->BroadcastPrint(*Msg);
}
IMPLEMENT_FUNCTION(VThinker, AllocDlight)
--- trunk/vavoom/source/sv_main.cpp 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/sv_main.cpp 2007/08/31 16:30:40 2685
@@ -1624,7 +1624,7 @@
Text += " ";
Text += Args[i];
}
- GLevelInfo->BroadcastPrintf(*Text);
+ GLevelInfo->BroadcastPrint(*Text);
GLevelInfo->StartSound(TVec(0, 0, 0), 0,
GSoundManager->GetSoundID("misc/chat"), 0, 1.0, 0);
unguard;
--- trunk/vavoom/source/p_thinker.h 2007/08/29 22:11:13 2684
+++ trunk/vavoom/source/p_thinker.h 2007/08/31 16:30:40 2685
@@ -76,7 +76,9 @@
void AddSoundSequenceChoice(vint32, VName);
void StopSoundSequence(vint32);
+ void BroadcastPrint(const char*);
void BroadcastPrintf(const char*, ...);
+ void BroadcastCentrePrint(const char*);
void BroadcastCentrePrintf(const char*, ...);
DECLARE_FUNCTION(Spawn)
--- trunk/vavoom/source/str.h 2007/08/31 16:30:40 2685
+++ trunk/vavoom/source/str.h 2007/08/31 17:25:55 2686
@@ -345,6 +345,8 @@
{
vint32 Len;
Strm << STRM_INDEX(Len);
+ if (Len < 0)
+ Len = 0;
S.Resize(Len);
if (Len)
Strm.Serialise(S.Str, Len + 1);
More information about the fedora-extras-commits
mailing list