teambeef/ioq3quest
0
0
Fork 0
mirror of https://github.com/DrBeef/ioq3quest.git synced 2025-02-21 11:30:56 +00:00
Code Issues Projects Releases Packages Wiki Activity

Prevent servers from making clients download files that are written to non-quake3 directories.

Browse source
This commit is contained in:
Thilo Schulz 2006-05-28 14:36:37 +00:00
parent af7fa1784d
commit 856a397e8c
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
code/client/cl_main.c
View file

@ -1443,6 +1443,13 @@ void CL_NextDownload(void) {
*s++ = 0; *s++ = 0;
else else
s = localName + strlen(localName); // point at the nul byte s = localName + strlen(localName); // point at the nul byte
// Make sure the server cannot make us write to non-quake3 directories.
if(strstr(localName, "../"))
{
Com_Error(ERR_DROP, "CL_NextDownload: Invalid download name %s", localName);
return;
}
CL_BeginDownload( localName, remoteName ); CL_BeginDownload( localName, remoteName );