- Fix bug that allows a malicious server to write and overwrite any files in the quake3 directory.
Reported by Luigi Auriemma. - Moved directory traversal check to a more proper location. - Added a few sanity checks for checksum/pakname storage to fix a crash that can occur under certain circumstances.
This commit is contained in:
Thilo Schulz
parent
c9c15562ea
commit
813a6ecdc3
2 changed files with 40 additions and 18 deletions
|
|
@ -1444,13 +1444,6 @@ void CL_NextDownload(void) {
|
|||
else
|
||||
s = localName + strlen(localName); // point at the nul byte
|
||||
|
||||
// Make sure the server cannot make us write to non-quake3 directories.
|
||||
if(strstr(localName, "../") || strstr(localName, "..\\"))
|
||||
{
|
||||
Com_Error(ERR_DROP, "CL_NextDownload: Invalid download name %s", localName);
|
||||
return;
|
||||
}
|
||||
|
||||
CL_BeginDownload( localName, remoteName );
|
||||
|
||||
clc.downloadRestart = qtrue;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue