From 26732adaa8ff2bdf233717a8f0c6ea64023c3da8 Mon Sep 17 00:00:00 2001
From: black
Date: Mon, 23 May 2005 14:07:00 +0000
Subject: [PATCH] -Fixed a possible buffer overflow bug in NetConn_ReceivedMessage (thanks Spike!)

git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@5322 d7cf8633-e32d-0410-b094-e92efae38249
---
 netconn.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/netconn.c b/netconn.c
index 054a5fb3..713b4678 100755
--- a/netconn.c
+++ b/netconn.c
@@ -844,8 +844,15 @@ int NetConn_ReceivedMessage(netconn_t *conn, qbyte *data, int length)
 conn->lastMessageTime = realtime;
 conn->timeout = realtime + net_messagetimeout.value;
 conn->receiveSequence++;
- memcpy(conn->receiveMessage + conn->receiveMessageLength, data, length);
- conn->receiveMessageLength += length;
+ if( conn->receiveMessageLength + length <= sizeof( conn->receiveMessage ) ) {
+ memcpy(conn->receiveMessage + conn->receiveMessageLength, data, length);
+ conn->receiveMessageLength += length;
+ } else {
+ Con_Printf( "Reliable message (seq: %i) too big for message buffer!\n"
+ "Dropping the message!\n", sequence );
+ conn->receiveMessageLength = 0;
+ return 1;
+ }
 if (flags & NETFLAG_EOM)
 {
 reliableMessagesReceived++;
-- 
2.39.2
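Review bot: The new bounds check adds `conn->receiveMessageLength + length` as signed `int` before comparing with `sizeof`, so a negative `length` that leaves the sum non-negative still passes and reaches `memcpy`, where it is converted to a very large size. Whether `length` can be negative depends on the callers and on the header handling earlier in NetConn_ReceivedMessage, which starts and ends outside this hunk, so that should be confirmed. Writing the guard as `if( length >= 0 && (size_t)length <= sizeof( conn->receiveMessage ) - (size_t)conn->receiveMessageLength ) {` removes both the sign problem and the signed addition. The check also relies on `receiveMessage` being an array member rather than a pointer, which the hunk does not show. On the drop path `receiveSequence` has already been incremented and the length is reset to 0, so later fragments of the same reliable message would presumably be accumulated and handled at `NETFLAG_EOM` as a complete message; a comment such as `/* oversize reliable message dropped: following fragments up to EOM must be discarded too */` would record the intended behaviour.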