| author | m!nus <m1nus@online.de> | 2010-10-29 01:28:11 +0200 |
|---|---|---|
| committer | oy <Tom_Adams@web.de> | 2010-10-29 01:46:10 +0200 |
| commit | 523c15e0e7602fcfc5ab6f24c4eb0bfd97d93e4f (patch) | |
| tree | b1918556f4ec2145a3738d623828b395355c01f2 | |
| parent | b343ef7f5576e133a1d15d2a07b09bfab6bfb751 (diff) | |
Added a null pointer check in huffman decompression code. It was possible to crash a masterserver by sending it a packet that had the compression flag (but not the connection-less flag) set because the huffman look up table is not initialized in the masterserver and thus resulted in a null-pointer-node. Clients and servers (with initialized look up tables) were not affected. It was also not possible to use this to inject code.
| -rw-r--r-- | src/engine/shared/huffman.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/engine/shared/huffman.cpp b/src/engine/shared/huffman.cpp index dfa8923a..446b6003 100644 --- a/src/engine/shared/huffman.cpp +++ b/src/engine/shared/huffman.cpp @@ -228,6 +228,9 @@ int CHuffman::Decompress(const void *pInput, int InputSize, void *pOutput, int O // {C} load symbol now if we didn't that earlier at location {A} if(!pNode) pNode = m_apDecodeLut[Bits&HUFFMAN_LUTMASK]; + + if(!pNode) + return -1; // {D} check if we hit a symbol already if(pNode->m_NumBits) |
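Review bot: the added `if(!pNode) return -1;` after the {C} lookup in `CHuffman::Decompress` carries no comment saying when an `m_apDecodeLut` entry can be NULL, so a later reader cannot tell that it guards against an uninitialized lookup table, as the commit message describes. Add a short comment there, in the style of the surrounding {C} and {D} comments. The check also handles the symptom inside the decode loop rather than the cause: consider additionally rejecting compressed packets in the masterserver before `Decompress` is reached, or initializing the table there, so the function is never entered with an empty table. It is also worth confirming that every caller treats the `-1` return as a failed decode and drops the packet instead of using the result as an output length.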