don't expand certain cvars from insecure command calls, fix server stuffcmd command

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@2326 fc73d0e0-1445-4013-8a0c-d673dee63da5
2006-06-12 22:05:41 +00:00 · 2006-06-12 22:05:41 +00:00 · 3b0c07281d
commit 3b0c07281d
parent 78c35eee81
6 changed files with 36 additions and 33 deletions
--- a/engine/client/cl_main.c
+++ b/engine/client/cl_main.c
@ -41,9 +41,9 @@ void Name_Callback(struct cvar_s *var, char *oldvalue);
 qboolean	noclip_anglehack;		// remnant from old quake


-cvar_t	rcon_password = SCVAR("rcon_password", "");
+cvar_t	rcon_password = SCVARF("rcon_password", "", CVAR_NOUNSAFEEXPAND);

-cvar_t	rcon_address = SCVAR("rcon_address", "");
+cvar_t	rcon_address = SCVARF("rcon_address", "", CVAR_NOUNSAFEEXPAND);

 cvar_t	cl_timeout = SCVAR("cl_timeout", "60");

@ -95,7 +95,7 @@ extern int			total_loading_size, current_loading_size, loading_stage;
 //
 // info mirrors
 //
-cvar_t	password = SCVARF("password",		"",			CVAR_USERINFO);	//this is parhaps slightly dodgy...
+cvar_t	password = SCVARF("password",		"",			CVAR_USERINFO | CVAR_NOUNSAFEEXPAND); //this is parhaps slightly dodgy...
 cvar_t	spectator = SCVARF("spectator",		"",			CVAR_USERINFO);
 cvar_t	name = SCVARFC("name",				"unnamed",	CVAR_ARCHIVE | CVAR_USERINFO, Name_Callback);
 cvar_t	team = SCVARF("team",				"",			CVAR_ARCHIVE | CVAR_USERINFO);
@ -3186,7 +3186,7 @@ void CL_ReadCDKey(void)
 				break;
 			}
 		}
-		var = Cvar_Get("cl_cdkey", buffer, CVAR_LATCH, "Q3 compatability");
+		var = Cvar_Get("cl_cdkey", buffer, CVAR_LATCH|CVAR_NOUNSAFEEXPAND, "Q3 compatability");
 	}
 }
 #endif
--- a/engine/common/cmd.c
+++ b/engine/common/cmd.c
@ -1095,7 +1095,7 @@ char *Cmd_ExpandString (char *data, char *dest, int destlen, int maxaccesslevel,
 				buf[i] = 0;
 				if ( (var = Cvar_FindVar(buf+striptrailing)) != NULL )
 				{
-					if (var->restriction <= maxaccesslevel)
+					if (var->restriction <= maxaccesslevel && !((var->flags & CVAR_NOUNSAFEEXPAND) && Cmd_IsInsecure()))
 						bestvar = var;
 				}
 #ifndef SERVERONLY
--- a/engine/common/cvar.c
+++ b/engine/common/cvar.c
@ -158,6 +158,8 @@ char *Cvar_FlagToName(int flag)
 		return "serverlatch";
 	case CVAR_RENDERERCALLBACK:
 		return "rendercallback";
+	case CVAR_NOUNSAFEEXPAND:
+		return "nounsafeexpand";
 	}

 	return NULL;
--- a/engine/common/cvar.h
+++ b/engine/common/cvar.h
@ -105,8 +105,9 @@ typedef struct cvar_group_s
 #define CVAR_RENDERERLATCH		1024	//requires a vid_restart to reapply.
 #define CVAR_SERVEROVERRIDE		2048	//the server has overridden out local value - should probably be called SERVERLATCH
 #define CVAR_RENDERERCALLBACK	4096 //force callback for cvars on renderer change
+#define CVAR_NOUNSAFEEXPAND		8192 // do not expand cvar value when command is from gamecode

-#define CVAR_LASTFLAG CVAR_RENDERERCALLBACK
+#define CVAR_LASTFLAG CVAR_NOUNSAFEEXPAND

 #define CVAR_LATCHMASK		(CVAR_LATCH|CVAR_RENDERERLATCH|CVAR_SERVEROVERRIDE|CVAR_CHEAT|CVAR_SEMICHEAT)	//you're only allowed one of these.
 #define CVAR_NEEDDEFAULT	CVAR_CHEAT
--- a/engine/server/sv_ccmds.c
+++ b/engine/server/sv_ccmds.c
@ -1133,30 +1133,30 @@ void SV_StuffToClient_f(void)

 	//a list of safe, allowed commands. Allows any extention of this.
 	if (strchr(str, '\n') || strchr(str, ';') || (
-		strncmp(str, "setinfo", 7) &&
-		strncmp(str, "quit", 4) &&
-		strncmp(str, "gl_fb", 5) &&
-		strncmp(str, "r_fb", 4) &&
-		strncmp(str, "say", 3) &&	//note that the say parsing could be useful here.
-		strncmp(str, "echo", 4) &&
-		strncmp(str, "name", 4) &&
-		strncmp(str, "skin", 4) &&
-		strncmp(str, "color", 5) &&
-		strncmp(str, "cmd", 3) &&
-		strncmp(str, "fov", 3) &&
-		strncmp(str, "connect", 7) &&
-		strncmp(str, "rate", 4) &&
-		strncmp(str, "cd", 2) &&
-		strncmp(str, "easyrecord", 10) &&
-		strncmp(str, "leftisright", 11) &&
-		strncmp(str, "menu_", 5) &&
-		strncmp(str, "r_fullbright", 12) &&
-		strncmp(str, "toggleconsole", 13) &&
-		strncmp(str, "v_i", 3) &&	//idlescale vars
-		strncmp(str, "bf", 2) &&
-		strncmp(str, "+", 1) &&
-		strncmp(str, "-", 1) &&
-		strncmp(str, "impulse", 7) &&
+		!strncmp(str, "setinfo", 7) &&
+		!strncmp(str, "quit", 4) &&
+		!strncmp(str, "gl_fb", 5) &&
+		!strncmp(str, "r_fb", 4) &&
+//		!strncmp(str, "say", 3) &&	//note that the say parsing could be useful here.
+		!strncmp(str, "echo", 4) &&
+		!strncmp(str, "name", 4) &&
+		!strncmp(str, "skin", 4) &&
+		!strncmp(str, "color", 5) &&
+		!strncmp(str, "cmd", 3) &&
+		!strncmp(str, "fov", 3) &&
+		!strncmp(str, "connect", 7) &&
+		!strncmp(str, "rate", 4) &&
+		!strncmp(str, "cd", 2) &&
+		!strncmp(str, "easyrecord", 10) &&
+		!strncmp(str, "leftisright", 11) &&
+		!strncmp(str, "menu_", 5) &&
+		!strncmp(str, "r_fullbright", 12) &&
+		!strncmp(str, "toggleconsole", 13) &&
+		!strncmp(str, "v_i", 3) &&	//idlescale vars
+		!strncmp(str, "bf", 2) &&
+		!strncmp(str, "+", 1) &&
+		!strncmp(str, "-", 1) &&
+		!strncmp(str, "impulse", 7) &&
 		1))
 	{
 		Con_Printf("You're not allowed to stuffcmd that\n");
--- a/engine/server/sv_main.c
+++ b/engine/server/sv_main.c
@ -90,14 +90,14 @@ cvar_t	zombietime = SCVAR("zombietime", "2");	// seconds to sink messages
 #ifdef SERVERONLY
 cvar_t	developer = SCVAR("developer","0");		// show extra messages

-cvar_t	rcon_password = SCVAR("rcon_password", "");	// password for remote server commands
-cvar_t	password = SCVAR("password", "");	// password for entering the game
+cvar_t	rcon_password = SCVARF("rcon_password", "", CVAR_NOUNSAFEEXPAND);	// password for remote server commands
+cvar_t	password = SCVARF("password", "", CVAR_NOUNSAFEEXPAND);	// password for entering the game
 #else
 extern cvar_t	developer;
 extern cvar_t	rcon_password;
 extern cvar_t	password;
 #endif
-cvar_t	spectator_password = SCVAR("spectator_password", "");	// password for entering as a sepctator
+cvar_t	spectator_password = SCVARF("spectator_password", "", CVAR_NOUNSAFEEXPAND);	// password for entering as a sepctator

 cvar_t	allow_download = SCVAR("allow_download", "1");
 cvar_t	allow_download_skins = SCVAR("allow_download_skins", "1");