Overlapping memory regions in strncpy when issuing rcon commands in localhost #107
Description
Strncpy-param-overlap: memory ranges [0x562251302f80,0x562251302f8b) and [0x562251302f89, 0x562251302f94) overlap
at 0x7f6fd331aece strncpy
at 0x56224e59b9fa Q_strncpyz (q_shared.c:1527)
at 0x56224e540978 Cmd_TokenizeString2 (cmd.c:692)
at 0x56224e541a56 Cmd_TokenizeString (cmd.c:790)
at 0x56224e541ee0 Cmd_ExecuteString (cmd.c:1008)
at 0x56224e5c88ee SVC_RemoteCommand (sv_main.c:1157)
at 0x56224e5c9d77 SV_ConnectionlessPacket (sv_main.c:1201)
at 0x56224e5cabe0 SV_PacketEvent (sv_main.c:1246)
at 0x56224e549694 Com_RunAndTimeServerPacket (common.c:2871)
at 0x56224e54d6dc Com_EventLoop (common.c:2912)
at 0x56224e54e312 Com_Frame (common.c:4650)
at 0x56224e5d87ea main (unix_main.c:1373)
at 0x7f6fd2a366c0
at 0x7f6fd2a367f8 __libc_start_main
at 0x56224e4be0e4 _start
To reproduce:
- Set
rconPassword, note the length. - Issue rcon command where the command argument is longer than the rcon password.
For example:
rconPassword foorcon say foobar- crash,foobaris longer thanfoo