You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I'm reading the other code correctly, the length of buf should always be less than MessageLen since it's a substring of another string of text from a MessageLen sized buffer.
General
I spot a potential buffer overflow in the RecordCommand() function in commands.cxx file in bzfs module:
https://github.com/BZFlag-Dev/bzflag/blob/2.4/src/bzfs/commands.cxx
Description
The filename array has fixed length, user-input buffer could overflow the filename array in sscanf() due to unchecked length.
Impact
This could lead to denial of service of the program.
The text was updated successfully, but these errors were encountered: