qf/quakeforge
0
0
Fork 0
mirror of https://git.code.sf.net/p/quake/quakeforge synced 2024-11-10 15:22:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix a glaring security hole

Browse source
This commit is contained in:
Bill Currie 2001-11-09 07:33:32 +00:00
parent 0dffb8bfcb
commit db929ff2ef
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
qw/source/console.c
View file

@ -224,11 +224,15 @@ Con_Condump_f (void)
char name[MAX_OSPATH]; char name[MAX_OSPATH];
if (Cmd_Argc () != 2) { if (Cmd_Argc () != 2) {
Con_Printf ("usage: condump <filename>"); Con_Printf ("usage: condump <filename>\n");
return; return;
} }
snprintf (name, sizeof (name), "%s/%s", com_gamedir, Cmd_Argv (1)); if (strchr (Cmd_Argv (1), '/') || strchr (Cmd_Argv (1), '\\')) {
Con_Printf ("invalid character in filename\n");
return;
}
snprintf (name, sizeof (name), "%s/%s.txt", com_gamedir, Cmd_Argv (1));
if (!(file = Qopen (name, "wt"))) { if (!(file = Qopen (name, "wt"))) {
Con_Printf ("could not open %s for writing: %s\n", name, Con_Printf ("could not open %s for writing: %s\n", name,