Fix bug that permits download of arbitrary files from a download-enabled server by checking the requested file name against the list of loaded pk3 files. See CVE-2006-2082.

Thilo Schulz 2006-05-08 19:53:41 +00:00
parent fda7db7619
commit 60293f49ee
2 changed files with 48 additions and 17 deletions


@ -2556,16 +2556,9 @@ FS_idPak
*/
qboolean FS_idPak( char *pak, char *base ) {
int i;
char pakbuf[MAX_QPATH], *pakptr;
// Chop off filename extension if necessary.
Com_sprintf(pakbuf, sizeof(pakbuf), "%s", pak);
pakptr = Q_strrchr(pakbuf, '.');
if(pakptr)
*pakptr = '\0';
for (i = 0; i < NUM_ID_PAKS; i++) {
if ( !FS_FilenameCompare(pakbuf, va("%s/pak%d", base, i)) ) {
if ( !FS_FilenameCompare(pak, va("%s/pak%d", base, i)) ) {
break;
}
}
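Review bot: With the extension-stripping lines removed, the comparison `FS_FilenameCompare(pak, va("%s/pak%d", base, i))` matches only when `pak` arrives without a suffix, so a caller that still passes a name ending in `.pk3` would get a non-match and the id-pak check would quietly stop applying to that request. The callers are not visible in this hunk, so it is worth confirming that each of them strips the extension before calling. The new contract should also be recorded in the header comment above the function, for example `pak must be given without the ".pk3" extension; the caller is responsible for stripping it`. The body of FS_idPak continues past the end of the hunk, so the return path was not reviewed here.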