teambeef/ioq3quest
0
0
Fork 0
mirror of https://github.com/DrBeef/ioq3quest.git synced 2024-11-26 14:01:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Check for all command separators in callTeamVote

Browse source 
Make callTeamVote check for all command separators like in callVote.
It's not exploitable as the only vote option (leader) always uses an
integer argument.

Also the ioquake3 engine remove command separators from client game
commands in Cmd_Args_Sanitize().
This commit is contained in:
Zack Middleton 2017-08-09 18:27:39 -05:00
parent 0bce5463f7
commit f0b74a27c9
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
code/game/g_cmds.c
View file

@ -1489,9 +1489,16 @@ void Cmd_CallTeamVote_f( gentity_t *ent ) {
trap_Argv( i, &arg2[strlen(arg2)], sizeof( arg2 ) - strlen(arg2) ); trap_Argv( i, &arg2[strlen(arg2)], sizeof( arg2 ) - strlen(arg2) );
} }
if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) { // check for command separators in arg2
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" ); for( c = arg2; *c; ++c) {
return; switch(*c) {
case '\n':
case '\r':
case ';':
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
return;
break;
}
} }
if ( !Q_stricmp( arg1, "leader" ) ) { if ( !Q_stricmp( arg1, "leader" ) ) {