diff options
author | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2016-09-30 03:37:09 +0200 |
---|---|---|
committer | Fabio Alessandrelli <fabio.alessandrelli@gmail.com> | 2016-09-30 03:51:46 +0200 |
commit | c1dc71baee663eb470fbb318640afa146ee66060 (patch) | |
tree | 14470b105de3754a18146b3c707a6c46e3db6ea5 /modules/enet | |
parent | cb7661df942cfb423c5fe5090c1c114489905c34 (diff) |
Fix possible buffer overflow in NetworkedMultiplayerENet
NetworkedMultiplayerENet::get_packet was reporting the wrong size for the packet buffer exposing a potential buffer overflow in case of malformed/malicious packets
Diffstat (limited to 'modules/enet')
-rw-r--r-- | modules/enet/networked_multiplayer_enet.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/enet/networked_multiplayer_enet.cpp b/modules/enet/networked_multiplayer_enet.cpp index 18a4347edf..4134ed037f 100644 --- a/modules/enet/networked_multiplayer_enet.cpp +++ b/modules/enet/networked_multiplayer_enet.cpp @@ -359,7 +359,7 @@ Error NetworkedMultiplayerENet::get_packet(const uint8_t **r_buffer,int &r_buffe incoming_packets.pop_front(); *r_buffer=(const uint8_t*)(¤t_packet.packet->data[12]); - r_buffer_size=current_packet.packet->dataLength; + r_buffer_size=current_packet.packet->dataLength-12; return OK; } |