From 6da5ed6a526ed1005fe2113478a33b238feca5aa Mon Sep 17 00:00:00 2001
From: havoc <havoc@d7cf8633-e32d-0410-b094-e92efae38249>
Date: Mon, 23 May 2005 22:29:14 +0000
Subject: [PATCH] NetConn_ReceivedMessage now verifies that the packet's
 internal length value matches the data length

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@5324 d7cf8633-e32d-0410-b094-e92efae38249
---
 netconn.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/netconn.c b/netconn.c
index 6f96f28b..97ad13cc 100755
--- a/netconn.c
+++ b/netconn.c
@@ -763,14 +763,15 @@ int NetConn_ReceivedMessage(netconn_t *conn, qbyte *data, int length)
 	unsigned int count;
 	unsigned int flags;
 	unsigned int sequence;
+	int qlength;
 
-	length = BigLong(((int *)data)[0]);
-	flags = length & ~NETFLAG_LENGTH_MASK;
-	length &= NETFLAG_LENGTH_MASK;
-    if (length >= 8)
+	if (length >= 8)
 	{
+		qlength = (unsigned int)BigLong(((int *)data)[0]);
+		flags = qlength & ~NETFLAG_LENGTH_MASK;
+		qlength &= NETFLAG_LENGTH_MASK;
 		// control packets were already handled
-		if (!(flags & NETFLAG_CTL))
+		if (!(flags & NETFLAG_CTL) && qlength == length)
 		{
 			sequence = BigLong(((int *)data)[1]);
 			packetsReceived++;
@@ -852,7 +853,7 @@ int NetConn_ReceivedMessage(netconn_t *conn, qbyte *data, int length)
 									"Dropping the message!\n", sequence );
 						conn->receiveMessageLength = 0;
 						return 1;
-					} 
+					}
 					if (flags & NETFLAG_EOM)
 					{
 						reliableMessagesReceived++;
-- 
2.39.2