teambeef/ioq3quest
0
0
Fork 0
mirror of https://github.com/DrBeef/ioq3quest.git synced 2024-11-27 06:13:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

Forgot to check for windows-style path seperator in precaution against directory traversal abuse.

Browse source
This commit is contained in:
Thilo Schulz 2006-06-01 00:23:46 +00:00
parent 503c0a22c6
commit 9af85d9378
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
code/client/cl_main.c
View file

@ -1445,7 +1445,7 @@ void CL_NextDownload(void) {
s = localName + strlen(localName); // point at the nul byte
// Make sure the server cannot make us write to non-quake3 directories.
if(strstr(localName, "../"))
if(strstr(localName, "../") || strstr(localName, "..\\"))
{
Com_Error(ERR_DROP, "CL_NextDownload: Invalid download name %s", localName);
return;