jedi-academy/codemp/qcommon
Jonathan Gray 61687fff0c CVE-2011-2764/CVE-2011-3012 check for dangerous file extensions
CVE-2011-2764
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the
ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin'
Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly
determine dangerous file extensions, which allows remote attackers to
execute arbitrary code via a crafted third-party addon that creates a
Trojan horse DLL file.

CVE-2011-3012
The ioQuake3 engine, as used in World of Padman 1.2 and earlier,
Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for
dangerous file extensions before writing to the quake3 directory, which
allows remote attackers to execute arbitrary code via a crafted
third-party addon that creates a Trojan horse DLL file, a different
vulnerability than CVE-2011-2764.

bugzilla #3695

from Tim Angus in ioquake3
svn 1405 git 2c0861c1cea44861c5ceba2dc39e601d6bc3f0af

* (bug 3695) Not allowing to write file with lib extention (.dll/.so/...)
  (TsT <tst2006@gmail.com>)

from Tim Angus in ioquake3
svn 1499 git 48d8c8876b6ec035b0bb85f4d3c47c9210c3ca30

* s/FS_FilenameIsExecutable/FS_CheckFilenameIsNotExecutable/g
* Fix potential buffer under run in FS_CheckFilenameIsNotExecutable

from Thilo Schulz in ioquake3
svn 2098 git c4f739b8d03ca203435744c4a96e3561863ccdfe

Fix extension name comparison for DLL files

from Zack Middleton in ioquake3
git 6c88bf8aeee3c1e5449682f874f91e86cb393ef4

Rename FS_CheckFilenameIsNotExecutable to ..NotImmutable

from Harley Laue in ioquake3
git 1b2a6abed996b43eb108486abbda449b3d16e019

Rename FS_CheckFilenameIsNotImmutable to ..IsMutable
2013-05-07 22:20:02 +10:00
..
chash.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_draw.cpp USHORT -> unsigned short 2013-04-25 23:51:54 +10:00
cm_draw.h fix #includes to compile on non windows without pch 2013-04-25 23:51:46 +10:00
cm_landscape.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_load.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
cm_load_xbox.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
cm_local.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_patch.cpp set some possibly uninitialised vars to zero 2013-05-02 13:47:51 +10:00
cm_patch.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_patch_xbox.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_polylib.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_polylib.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_public.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_randomterrain.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_randomterrain.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_shader.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_terrain.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
cm_terrainmap.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_terrainmap.h remove surplus tokens after preprocessor directives 2013-05-02 13:47:50 +10:00
cm_test.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cm_trace.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cmd_common.cpp add Cmd_TokenizeStringIgnoreQuotes modelled after ioquake3 2013-05-07 22:18:44 +10:00
cmd_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cmd_pc.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
CNetProfile.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
common.cpp vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
cvar.cpp CVE-2006-3325 arbitrary cvar overwrite 2013-05-07 22:18:55 +10:00
disablewarnings.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
exe_headers.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
exe_headers.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
files.cpp vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
files.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
files_common.cpp vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
files_console.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
files_pc.cpp CVE-2011-2764/CVE-2011-3012 check for dangerous file extensions 2013-05-07 22:20:02 +10:00
fixedmap.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
game_version.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
GenericParser2.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
GenericParser2.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
hstring.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
hstring.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
huffman.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
INetProfile.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
md4.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
MiniHeap.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
msg.cpp remove surplus tokens after preprocessor directives 2013-05-02 13:47:50 +10:00
net_chan.cpp vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
platform.h replace some #elif __linux__ with #else 2013-04-25 12:46:05 +10:00
q_math.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
q_shared.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
qcommon.h CVE-2011-2764/CVE-2011-3012 check for dangerous file extensions 2013-05-07 22:20:02 +10:00
qfiles.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
RoffSystem.cpp CVE-2006-2236 Buffer overflow in the Quake 3 Engine 2013-05-07 22:18:45 +10:00
RoffSystem.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
sparc.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
sstring.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
stringed_ingame.cpp const fixes 2013-05-02 13:47:51 +10:00
stringed_ingame.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
stringed_interface.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
stringed_interface.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
tags.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
timing.h provide a gcc style alternative to the inline asm in timing.h 2013-04-25 23:51:54 +10:00
unzip.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
unzip.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
vm.cpp CVE-2006-2236 Buffer overflow in the Quake 3 Engine 2013-05-07 22:18:45 +10:00
vm_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
vm_interpreted.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
vm_local.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
vm_ppc.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
vm_x86.cpp callMask needs to be externally visible 2013-04-26 22:27:21 +10:00
z_memman_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
z_memman_pc.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00