I've attached an untested patch that adds bounds checking in the place Clint Adams pointed out.
Please verify for correctness and test carefully. -- Regards, Andreas Henriksson
diff -uriNp conquest-8.2/meta.c conquest-8.2-buffull/meta.c --- conquest-8.2/meta.c 2006-08-13 23:58:49.000000000 +0200 +++ conquest-8.2-buffull/meta.c 2007-03-05 10:44:46.000000000 +0100 @@ -405,6 +405,17 @@ int metaGetServerList(char *remotehost, off = 0; while (read(s, &c, 1) > 0) { + if (off > sizeof(buf)-1) + { /* buffer is full, treat as invalid record and goto next */ + clog("metaGetServerList: invalid record (buffer full), skipping"); + memset(buf, '\0', sizeof(buf)); + off = 0; + do { + if (c == '\n') + break; + } while (read(s, &c, 1) > 0); + continue; + } if (c != '\n') { buf[off++] = c;