security fix: prevent command injection via callvote

Ludwig Nussel 2009-01-17 23:09:58 +00:00
parent cde5fcfb9b
commit f5aae78481
4 changed files with 29 additions and 3 deletions


@ -1213,6 +1213,7 @@ Cmd_CallVote_f
==================
*/
void Cmd_CallVote_f( gentity_t *ent ) {
char* c;
int i;
char arg1[MAX_STRING_TOKENS];
char arg2[MAX_STRING_TOKENS];
@ -1239,9 +1240,16 @@ void Cmd_CallVote_f( gentity_t *ent ) {
trap_Argv( 1, arg1, sizeof( arg1 ) );
trap_Argv( 2, arg2, sizeof( arg2 ) );
if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
return;
// check for command separators in arg2
for( c = arg2; *c; ++c) {
switch(*c) {
case '\n':
case '\r':
case ';':
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
return;
break;
}
}
if ( !Q_stricmp( arg1, "map_restart" ) ) {
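Review bot: The replacement loop no longer covers arg1, which the removed `strchr( arg1, ';' )` check did; that is only safe if arg1 is matched exclusively against a fixed list of vote commands (the `Q_stricmp( arg1, "map_restart" )` chain starting at the last line of the hunk suggests so, but the rest of Cmd_CallVote_f is outside the hunk and should be confirmed). The `break;` after `return;` in the switch is unreachable and the whole loop reduces to one line with the same rejection set, `if( strpbrk( arg2, "\n\r;" ) ) {`, followed by the existing print-and-return. The comment above the loop should say why line breaks are rejected alongside `;`, e.g. `// arg2 is later used in a server console command; ';' and line breaks would act as command separators`, assuming that is indeed where arg2 ends up.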