qf/newtree
0
0
Fork 0
mirror of https://git.code.sf.net/p/quake/newtree synced 2025-04-24 23:31:49 +00:00
Code Issues Projects Releases Packages Wiki Activity

change the client side download rename code to reject ANY new / in the file

Browse source 
name. This means that if maps/foo.bsp is requested, maps/foo.bsp/nasty_server
will be rejected but maps/foo.bsp.gz will be accepted.
This commit is contained in:
Bill Currie 2000-09-28 15:35:05 +00:00
parent f6cdc275f0
commit 6cfe4a3128
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
source/cl_parse.c
View file

@ -394,8 +394,7 @@ void CL_ParseDownload (void)
if (size == -2) { if (size == -2) {
char *newname = MSG_ReadString(); char *newname = MSG_ReadString();
if (strncmp (newname, cls.downloadname, strlen(cls.downloadname)) if (strncmp (newname, cls.downloadname, strlen(cls.downloadname))
|| strstr(newname, "/../") || strstr(newname+strlen(cls.downloadname), "/")) {
|| strstr(newname, "/./")) {
Con_Printf ("WARNING: server tried to give a strange new name: %s\n", Con_Printf ("WARNING: server tried to give a strange new name: %s\n",
newname); newname);
CL_RequestNextDownload (); CL_RequestNextDownload ();