Commit graph

32 commits

Author SHA1 Message Date
Bill Currie
eae11661e4 strncat parameter audit. Unfortunatly, strncat is counter-intutite: the n in
strncat is not the maximum length of the destination string, but of the SOURCE
string, thus strncat (dest, src, sizeof (dest)) is incorrect. It should be
strncat (dest, src, sizeof (text) - strlen (dest)). Even then, no terminating
nul will be written if src is too long, but at least it won't crash the stack:)
2000-12-05 16:04:12 +00:00
Zephaniah E. Hull
66e0e31b57 strcat -> strncat
sprintf -> snprintf

AKA, really big buffer overflow security fixes.

More to come, geez we have holes everywhere.
2000-12-05 11:08:30 +00:00
Jeff Teunissen
d82b6a2e88 sv_main.c: Set the client's last_check field to -1 on connect. Unless a
player connects immediately after a timekick sample, their time WILL be
off, so don't look at them the first sample.

sv_user.c: Another location to enforce sv_maxrate, make sv_timekick and
friends ignore a user's time if it's -1, and apply double fuzz to times
lower than we expect -- it's way too sensitive otherwise. Also, some
whitespace changes.
2000-11-26 12:43:49 +00:00
Jeff Teunissen
6f40c97643 New Cvars:
sv_minqfversion: Set to the minimum allowable QuakeForge version you want
to allow on a server. QF clients prior to current CVS _will_not_work_ with
this cvar, as the QF version was not reported previously.

sv_maxrate: Change maximum rate algorithm; if sv_maxrate is nonzero, it is
the maximum rate allowed by the server. If it is unset, the maximum is
10000 like it used to be. The rate is silently capped, so it won't kick.

Cvar fixed: sv_timekick and friends; Now kicks on too little time passed
as well.

Functionality removed: "Last message repeated X times". It causes too much
trouble.
2000-11-25 14:20:04 +00:00
Anton E. Gavrilov
62d76003eb Security fixes (hope it works) 2000-11-21 00:45:36 +00:00
Bill Currie
d295f183ba remove va from commdef.h and fix the consequences 2000-10-21 07:34:56 +00:00
Bill Currie
2682888425 the big cvar value -> int_val audit. seems to work ok 2000-10-17 03:17:42 +00:00
Bill Currie
e60ae3b48c fix the paused message swaparoo 2000-10-16 03:12:03 +00:00
Bill Currie
667f28178f oops, got the sense of the zip flag backwards. Sending uncompressed files when
compressed is wanted and vv is not a good idea.
2000-09-28 13:35:59 +00:00
Bill Currie
1aa9084aa9 add support for COMPRESSED downloads!!! Of course, both client and server must
both support this. The client tells the server it can support compressed
downloads by setting the z flag in the *cap userinfo. If the server detects
that the client supports compression, and the file to be downloaded is
compressed (more accurately, has the .gz extension), the server sends a special
download packet with a size of -2 (-1 indicates error),, percent of 0, followed
by the new name of the file (eg maps/foo.bsp.gz for maps/foo.bsp). The client
WILL NOT accept a new filename that doesn not match the old name for the length
of the old name. The client also will not accept a new name if there are . or
.. path components. If the client rejects the new name, it prints a warning
message and aborts that download.
2000-09-28 06:11:55 +00:00
Bill Currie
86f87122c0 zlib support (gzipped pack contents). if you have a probelm with gzgets, you
have 3 choices: remove /usr/X11R6/lib/libz.a, --diable-zlib, or fix configure.
I do intend on fixing it myself.
2000-09-27 19:44:26 +00:00
Bill Currie
a38f854210 a little ws cleanup 2000-09-25 02:02:58 +00:00
Zephaniah E. Hull
210ba16069 First off in gl_draw.c we have some nice cleanup code for the upload
code.

Then we have the completely purge of treating 'unsigned' as a type, it
is NOT a type, it is a TYPE MODIFIER!

Under gcc for x86 it happens to try and do something sane, just treat it
as a unsigned int, but that is EVIL, it is a MODIFIER and if ANYONE adds
code which uses unsigned as a type in itself I /WILL/ harm them!!!
2000-09-22 09:08:08 +00:00
Maddes Buecher
1cb4241fb4 +USE unbound fix 2000-08-20 19:17:44 +00:00
Dabb
0bbc70dbd6 Fix for pause flood exploit. 2000-08-13 14:21:21 +00:00
Anton E. Gavrilov
3644a3056e host_frametime --> sv_frametime for server;
CVAR_FIXME cleanup.
2000-06-09 19:22:30 +00:00
Anton E. Gavrilov
5096ce59c3 Rename V_CalcRoll to SV_CalcRoll;
CVAR_FIXME cleanup.
2000-06-09 19:06:50 +00:00
Bill Currie
e98edd5f5f revert back to using f* for file io. I hope this fixes the catapult, but I wouldn't be suprised if it doesn't. 2000-05-23 22:43:36 +00:00
Joseph Carter
e9463e2db9 pretty much finishes source/* 2000-05-22 07:46:47 +00:00
Bill Currie
af032b8d55 port in some improvements from OT (namely fs_basepath, etc, though commandline parsing isn't finished yet)
split up the headerfiles and such. common.[ch] and qwsvdef.h no longer exist. More work still needs to be done (esp for windows) but this should be a major improvement.
2000-05-21 08:24:45 +00:00
Marcus Sundberg
5974810713 Fixed TRU64 warning. 2000-05-19 23:17:41 +00:00
Joseph Carter
466344b359 Not as clean as it could be, but for now it will work. 2000-05-19 03:06:05 +00:00
Bill Currie
832af13c12 all files now include config.h 2000-05-17 10:03:19 +00:00
Dan Olson
1d26c02826 Cvar merge... segfault problems... also unknown problems in vid_svga.c 2000-05-16 04:47:41 +00:00
Yan Sweitzer
1efb92f899 sprintf -> snprintf
vsprintf -> vsnprintf
2000-05-15 08:59:12 +00:00
Dan Olson
4312654fc2 Merc's speed cheat code ported from oldtree 2000-05-14 19:29:57 +00:00
Marcus Sundberg
a3a9384eec Cast isspace() and tolower() arguments to int to avoid warnings. 2000-05-14 18:10:56 +00:00
James Brown
ef696486fd Server 'crash on disconnect' bugfix 2000-05-13 23:34:08 +00:00
Joseph Carter
226ab58a84 Flymode works. 2000-05-13 22:51:05 +00:00
Joseph Carter
38f9b705b9 Whee! Every source file just got edited. Added the QF-style GPL header
to the top.  What I didn't add was descriptions.  Someone else wanna take
those on?
2000-05-11 16:03:29 +00:00
Dan Olson
b139acafc2 ^M cleanup, and qw-server compiles with -Werror 2000-05-10 20:33:16 +00:00
Joseph Carter
d859383680 Initial revision 2000-05-10 11:29:38 +00:00