yay more fixes! :
1. Voice Commands show up in the notify box as well as chat box when console is not up?
Easy Client Fix:
(this also escapes the rest of line to white after name)
cg_event.c
look for this line:
char vchatstr[1024];
change the 3 lines below it to look like this:
Com_sprintf(vchatstr, sizeof(vchatstr), "<%s^7: %s>", ci->name, descr);
CG_Printf( "*%s\n", vchatstr );
CG_ChatBox_AddString(vchatstr);
2. CTF Messages don't escape to white after player names:
cg_event.c
CG_PrintCTFMessage
Com_sprintf(printMsg, sizeof(printMsg), "%s ", ci->name);
should be:
Com_sprintf(printMsg, sizeof(printMsg), "%s^7 ", ci->name);
and
Com_sprintf(printMsg, sizeof(printMsg), "%s %s", ci->name, psStringEDString);
should be:
Com_sprintf(printMsg, sizeof(printMsg), "%s^7 %s", ci->name, psStringEDString);
3. New security bug out for quake 3 engine, thought it wasn't fixable without engine?
add this somewhere in bg_misc.c:
/*
============
COM_StripExtensionSafe
============
*/
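void COM_StripExtensionSafe( const char *in, char *out, int destsize ) {
    int length;

    // callers below pass the same buffer as in and out; skip the overlapping copy
    if (in != out)
        Q_strncpyz(out, in, destsize);
    else
        out[destsize-1] = 0;
    length = strlen(out)-1;
    while (length > 0 && out[length] != '.')
    {
        length--;
        if (out[length] == '/')
            return; // no extension
    }
    // length is -1 for an empty string, so test > 0 to avoid writing out[-1]
    if (length > 0)
        out[length] = 0;
}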
and declare it somewhere in bg_public.h:
void COM_StripExtensionSafe( const char *in, char *out, int destsize );
now replace all instances of COM_StripExtension in your source with
COM_StripExtensionSafe; destsize should be sizeof() of the char array you pass as out
ie:
COM_StripExtensionSafe(fileptr, configname, sizeof(configname));
even more...
cg_servercmds.c:
look for "remapShader" command in the function CG_ServerCommand and replace that whole if statement for remapShader to:
if ( Q_stricmp (cmd, "remapShader") == 0 )
{
    if (trap_Argc() == 4)
    {
        char shader1[MAX_QPATH];
        char shader2[MAX_QPATH];
        char shader3[MAX_QPATH];
        Q_strncpyz(shader1, CG_Argv(1), sizeof(shader1));
        Q_strncpyz(shader2, CG_Argv(2), sizeof(shader2));
        Q_strncpyz(shader3, CG_Argv(3), sizeof(shader3));
        trap_R_RemapShader(shader1, shader2, shader3);
    }
    return;
}
last file in cgame for this bugfix, cg_syscalls.c:
comment out or delete the trap_R_RemapShader function and replace it with this:
void trap_R_RemapShader( const char *oldShader, const char *newShader, const char *timeOffset ) {
    char oldShaderTMP[MAX_QPATH];
    char newShaderTMP[MAX_QPATH];
    Q_strncpyz(oldShaderTMP, oldShader, sizeof(oldShaderTMP));
    Q_strncpyz(newShaderTMP, newShader, sizeof(newShaderTMP));
    COM_StripExtensionSafe(oldShaderTMP, oldShaderTMP, sizeof(oldShaderTMP));
    COM_StripExtensionSafe(newShaderTMP, newShaderTMP, sizeof(newShaderTMP));
    syscall( CG_R_REMAP_SHADER, oldShaderTMP, newShaderTMP, timeOffset );
}
k now open up ui_syscalls.c:
do the same thing for ui_syscalls.c as cg_syscalls.c only the syscall itself is changed ( UI_R_REMAP_SHADER ):
void trap_R_RemapShader( const char *oldShader, const char *newShader, const char *timeOffset ) {
    char oldShaderTMP[MAX_QPATH];
    char newShaderTMP[MAX_QPATH];
    Q_strncpyz(oldShaderTMP, oldShader, sizeof(oldShaderTMP));
    Q_strncpyz(newShaderTMP, newShader, sizeof(newShaderTMP));
    COM_StripExtensionSafe(oldShaderTMP, oldShaderTMP, sizeof(oldShaderTMP));
    COM_StripExtensionSafe(newShaderTMP, newShaderTMP, sizeof(newShaderTMP));
    syscall( UI_R_REMAP_SHADER, oldShaderTMP, newShaderTMP, timeOffset );
}
now ui_atoms.c:
look for this line:
if ( Q_stricmp (cmd, "postgame") == 0 ) {
above it add:
if ( Q_stricmp (cmd, "remapShader") == 0 ) {
    if (trap_Argc() == 4) {
        char shader1[MAX_QPATH];
        char shader2[MAX_QPATH];
        char shader3[MAX_QPATH];
        Q_strncpyz(shader1, UI_Argv(1), sizeof(shader1));
        Q_strncpyz(shader2, UI_Argv(2), sizeof(shader2));
        Q_strncpyz(shader3, UI_Argv(3), sizeof(shader3));
        trap_R_RemapShader(shader1, shader2, shader3);
        return qtrue;
    }
}
i think that is all for this bug.
Source of bug:
http://www.gamer.nl/doc/32206
Translated by Babelfish:
Gamers which still old, on the Quake 3 Engine play based games have been warned. Are not only slow you desperately, also a serious leak in the engine as a result of which can computer offenders, crackers and other gajes take over your PC'tje, has been discovered.
The leak is caused by "boundary error" during the processing of the "remapShader" commando. This can lead to a buffer overflow, as a result of which the attacker can carry out in question random commandos and software on the vulnerable PC..
If this is all too technical for your, then you must remember simply to make no connection with "malicious servers". An attacker must to abuse the leak, as it happens, by means of its server a command to the PC. send.
Enemy Territory 2.60, return to Castle Wolfenstein 1.41 and Quake III and 1.32b is vulnerable, but also other versions its probable leak.
4. Limbs don't take team color if you have a custom rgb model
g_combat.c:
in function G_Dismember:
limb->s.customRGBA[0] = ent->s.customRGBA[0];
limb->s.customRGBA[1] = ent->s.customRGBA[1];
limb->s.customRGBA[2] = ent->s.customRGBA[2];
limb->s.customRGBA[3] = ent->s.customRGBA[3];
should be:
if (g_gametype.integer >= GT_TEAM) {
    switch(ent->client->sess.sessionTeam)
    {
    case TEAM_RED:
        limb->s.customRGBA[0] = 255;
        limb->s.customRGBA[1] = 0;
        limb->s.customRGBA[2] = 0;
        break;
    case TEAM_BLUE:
        limb->s.customRGBA[0] = 0;
        limb->s.customRGBA[1] = 0;
        limb->s.customRGBA[2] = 255;
        break;
    default:
        limb->s.customRGBA[0] = ent->s.customRGBA[0];
        limb->s.customRGBA[1] = ent->s.customRGBA[1];
        limb->s.customRGBA[2] = ent->s.customRGBA[2];
        limb->s.customRGBA[3] = ent->s.customRGBA[3];
        break;
    }
} else {
    limb->s.customRGBA[0] = ent->s.customRGBA[0];
    limb->s.customRGBA[1] = ent->s.customRGBA[1];
    limb->s.customRGBA[2] = ent->s.customRGBA[2];
    limb->s.customRGBA[3] = ent->s.customRGBA[3];
}
5. weird tint for the meters and values when playing ffa or on blue team
cg_draw.c
look for this:
if (cgs.gametype >= GT_TEAM && cgs.gametype != GT_SIEGE)
{ // tint the hud items based on team
    if (cg.snap->ps.persistant[PERS_TEAM] == TEAM_RED )
        hudTintColor = redhudtint;
    else if (cg.snap->ps.persistant[PERS_TEAM] == TEAM_BLUE )
        hudTintColor = bluehudtint;
    else // If we're not on a team for whatever reason, leave things as they are.
        hudTintColor = colorTable[CT_WHITE];
}
else
{ // tint the hud items white (don't tint)
    hudTintColor = colorTable[CT_WHITE];
}
replace it with:
hudTintColor = redhudtint; // always use red because blue and white screws it up
6. flag icons have a dark tint when you are in scope because raven forgets to do trap_R_SetColor(NULL) after every change in color that's not needed anymore.
cg_draw.c again:
CG_DrawFlagStatus
above the !cg.snap line add:
trap_R_SetColor( NULL );
also CG_DrawPowerupIcons
add
trap_R_SetColor( NULL );
same spot as flagstatus
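
For fix 3, an added example (not code from the original post): a stand-alone harness that runs a bounded strip routine through the same copy-then-strip-in-place sequence as the trap_R_RemapShader wrapper, with canary bytes framing a MAX_QPATH buffer. Q_strncpyz here is a stand-in for the SDK function, strip_ext_safe, check and check_oversized are hypothetical names, and MAX_QPATH is assumed to be 64 as in the Quake 3 SDK headers.

```c
#include <string.h>

#define MAX_QPATH 64 /* assumed: same value as the Quake 3 SDK headers */

/* Stand-in for the SDK's Q_strncpyz: bounded copy, always terminated. */
static void Q_strncpyz(char *dest, const char *src, int destsize) {
    strncpy(dest, src, (size_t)destsize - 1);
    dest[destsize - 1] = 0;
}

/* Bounded strip as in fix 3; "" and in == out are handled explicitly. */
static void strip_ext_safe(const char *in, char *out, int destsize) {
    if (in != out)
        Q_strncpyz(out, in, destsize);
    int length = (int)strlen(out) - 1;
    while (length > 0 && out[length] != '.') {
        length--;
        if (out[length] == '/')
            return; /* last path component has no extension */
    }
    if (length > 0) /* length is -1 for "": never use it as an index */
        out[length] = 0;
}

/* Same sequence as the trap_R_RemapShader wrapper: bounded copy, strip in place.
   Returns 1 only if the canary bytes survive and the result equals expected. */
static int check(const char *in, const char *expected) {
    struct { unsigned char pre[8]; char buf[MAX_QPATH]; unsigned char post[8]; } f;
    memset(&f, 0xAA, sizeof f);
    Q_strncpyz(f.buf, in, sizeof f.buf);
    strip_ext_safe(f.buf, f.buf, sizeof f.buf);
    for (int i = 0; i < 8; i++)
        if (f.pre[i] != 0xAA || f.post[i] != 0xAA)
            return 0;
    return strcmp(f.buf, expected) == 0;
}

/* Constructed input: a 511-byte shader name, far longer than MAX_QPATH. */
static int check_oversized(void) {
    char big[512], want[MAX_QPATH];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = 0;
    memset(want, 'A', sizeof want - 1);
    want[sizeof want - 1] = 0;
    return check(big, want);
}

int main(void) { /* exit status 0 when every constructed case passes */
    return !(check("textures/wall.tga", "textures/wall") && check("", "") &&
             check("models/v1.2/sky", "models/v1.2/sky") && check_oversized());
}
```

The empty-string case is the one to watch: with a plain `if (length)` test the routine would write one byte in front of the buffer, which the leading canary would catch.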