security fix: prevent command injection via callvote

2009-01-17 23:09:58 +00:00 · 2009-01-17 23:09:58 +00:00 · f5aae78481
commit f5aae78481
parent cde5fcfb9b
4 changed files with 29 additions and 3 deletions
--- a/code/qcommon/cmd.c
+++ b/code/qcommon/cmd.c
@ -433,6 +433,22 @@ char *Cmd_Cmd(void)
 	return cmd_cmd;
 }

+/*
+   Replace command separators with space to prevent interpretation
+   This is a hack to protect buggy qvms
+   https://bugzilla.icculus.org/show_bug.cgi?id=3593
+*/
+void Cmd_Args_Sanitize( void ) {
+	int i;
+	for ( i = 1 ; i < cmd_argc ; i++ ) {
+		char* c = cmd_argv[i];
+		while ((c = strpbrk(c, "\n\r;"))) {
+			*c = ' ';
+			++c;
+		}
+	}
+}
+
 /*
 ============
 Cmd_TokenizeString
--- a/code/qcommon/qcommon.h
+++ b/code/qcommon/qcommon.h
@ -434,6 +434,7 @@ char	*Cmd_Args (void);
 char	*Cmd_ArgsFrom( int arg );
 void	Cmd_ArgsBuffer( char *buffer, int bufferLength );
 char	*Cmd_Cmd (void);
+void	Cmd_Args_Sanitize( void );
 // The functions that execute commands get their parameters with these
 // functions. Cmd_Argv () will return an empty string, not a NULL
 // if arg > argc, so string operations are allways safe.