From 856a397e8ce4f65b268d88127de2e4ef4e8f9f9c Mon Sep 17 00:00:00 2001
From: Thilo Schulz
Date: Sun, 28 May 2006 14:36:37 +0000
Subject: [PATCH] Prevent servers from making clients download files that are written to non-quake3 directories.
---
 code/client/cl_main.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/code/client/cl_main.c b/code/client/cl_main.c
index 9a1bcf68..da5d116f 100644
--- a/code/client/cl_main.c
+++ b/code/client/cl_main.c
@@ -1443,6 +1443,13 @@ void CL_NextDownload(void) {
 *s++ = 0;
 else
 s = localName + strlen(localName); // point at the nul byte
+
+ // Make sure the server cannot make us write to non-quake3 directories.
+ if(strstr(localName, "../"))
+ {
+ Com_Error(ERR_DROP, "CL_NextDownload: Invalid download name %s", localName);
+ return;
+ }
 CL_BeginDownload( localName, remoteName );
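Review bot: The added `strstr(localName, "../")` test in CL_NextDownload is a denylist for one spelling of a parent-directory reference, so a server-supplied name that uses a backslash separator or is an absolute path still passes it. Unless the file-system code behind CL_BeginDownload already rejects those (not visible in this hunk), the guard should be widened, for example `if (strstr(localName, "..") || strchr(localName, '\\') || strchr(localName, ':') || localName[0] == '/')`. Better still, the check could live in the routine that opens the download file for writing, so every caller is covered. The `return;` after `Com_Error(ERR_DROP, ...)` is presumably unreachable if ERR_DROP does not return to the caller; a one-line comment saying so would help. CL_NextDownload begins and ends outside the hunk.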