edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-09-20 01:24:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

added a null pointer check in huffman decompression code. it was possible to crash a masterserver by sending it a packet that had the compression flag (but not the connection-less flag) set because the huffman look up table is not initialized in the masterserver and thus resulted in a null-pointer-node. clients and servers (with initialized look up tables were not affected. it was also not possible to use this to inject code.

Browse source
This commit is contained in:
m!nus 2010-10-29 01:28:11 +02:00 committed by oy
parent b343ef7f55
commit 523c15e0e7
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/engine/shared/huffman.cpp
View file

@ -228,6 +228,9 @@ int CHuffman::Decompress(const void *pInput, int InputSize, void *pOutput, int O
// {C} load symbol now if we didn't that earlier at location {A}
if(!pNode)
pNode = m_apDecodeLut[Bits&HUFFMAN_LUTMASK];
if(!pNode)
return -1;
// {D} check if we hit a symbol already
if(pNode->m_NumBits)