Commit graph

189 commits

Author SHA1 Message Date
Zack Middleton
738465d677 Revert my recent cvar latch changes
My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registed in
the engine. It's been pointed out as fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.

The issue of fs_game '..' on server being relicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases from current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.

Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
2018-01-21 22:45:46 -06:00
Zack Middleton
3638f69dff Fix fs_game '..' reading outside of home and base path
VMs could set fs_game to '..' at anytime to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.

'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.

I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.

Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take affect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.

This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in serveral other places).

Reported by Noah Metzger (Chomenor).
2018-01-21 06:02:28 -06:00
Thomas Köppe
ed1794fe17 Change shift expressions to unsigned types. Shifting signed values to
a result that is not representable has undefined behaviour.
2018-01-21 06:01:50 -06:00
Edward Betts
fe42b8653d Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
Zack Middleton
2d6171f44c Remove CVAR_PROTECTED from cl_renderer
Setting cl_renderer isn't a security concern and valid behavior for
a menu to provide. Sys_LoadDLL ensures only libries are loaded and
engine prevents QVMs from writing them.
2017-08-02 14:50:22 -05:00
Zack Middleton
9f239d647b Make 'globalservers 0' fetch all masters
This commit fixes the vanilla Q3 UI VMs not displaying a server list
when id Software's master server is down.

Originally master 0 for the globalservers command was Internet and
master 1 was MPlayer (defunct). In 2008 ioquake3 changed it so that
master 0 to 4 were five separate master servers with no affect on
original Quake3/Team Arena UI VMs; they continued to get the server
list from master.quake3arena.com.

id Software's master server (master.quake3arena.com) goes down
occasionally. Using ioq3's UI VM additional master servers can be
accessed but players using the original UI VMs are unable to get a
server list.

In order to fix the original UI VMs in Quake3/Team Arena's pk3s this
commit makes 'globalservers 0' fetch all master servers. So players
get a combined list of id Software's and ioquake3's master list. Or
just ioquake3's list if id Software's master is down.

Getting lists from individual master servers using globalservers has
changed from 0 through 4 to 1 through 5 to accommodate using 0 for
other purposes. This commit modifies ioq3's UI code to support the new
values for globalservers command.

A side affect of these changes is that UI VMs based on ioq3 since 2008
will have Internet1 fetch all master servers and Internet2 request
sv_master1 instead of sv_master2 and so on. It may be worth noting that
getting server list from masters 3-5 could not be done using ioq3's UI
before 2011.
2017-07-20 15:39:51 -05:00
Zack Middleton
e9436abff0 Only allow connectionless print/echo from server/rcon address
Reported by Ensiform.
2017-06-10 19:15:26 -05:00
Zack Middleton
eecc8326a0 Save connect and playdemo argument before calling CL_Disconnect()
Save argument instead of using a pointer to cmd token memory that
might be overwritten when Cmd_TokenizeString() is called.

No known method for causing the issue without engine changes.
Cmd_TokenizeString() is called by FS_PureServerSetReferencedPaks()
in CL_Disconnect() but it's not an issue because the string is
blank.

Thanks @mickael9.
2017-05-24 12:46:25 -05:00
SmileTheory
376267d534 Don't load .pk3s as .dlls, and don't load user config files from .pk3s. 2017-03-13 14:14:00 -07:00
Zack Middleton
978afd7590 Avoid shuting down opus voip codec multiple times 2016-10-09 18:30:19 -05:00
SmileTheory
1246d16834 Default cl_renderer to opengl2. 2016-10-02 20:00:59 -07:00
SmileTheory
1972128927 Better defaults for joystick axes.
These changed from SDL1->SDL2 afaict.
2016-08-04 21:31:26 -07:00
Victor Roemer
398dea397c Fix Makefile for OSX
Bump base SDK from 10.5 -> 10.7
Just use the builtin __APPLE__
2016-06-12 17:17:33 -04:00
Zack Middleton
8b458e5457 Fix warnings that names passed to Name_PlayerNameCompletion is not const 2016-05-09 10:41:58 -05:00
Zack Middleton
615b73288f Use Opus for VoIP
Server/client VoIP protocol is handled by adding new cvars
cl_voipProtocol and sv_voipProtocol, sv_voip and cl_voip
are used to auto set/clear them. All users need to touch
are cl/sv_voip as 0 or 1 just like before.

Old Speex VoIP packets in demos are skipped.
New VoIP packets are skipped in demos if sv_voipProtocol
doesn't match cl_voipProtocol.

Notable difference between usage of speex and opus codecs,
when using Speex client would be sent 80ms at a time.
Using Opus, 60ms is sent at a time. This was changed because
the Opus codec supports encoding up to 60ms at a time.
(Simpler to send only one codec frame in a packet.)
2016-01-06 05:19:10 -06:00
Zachary J. Slater
fe619680f8 Merge pull request #73 from Pan7/sayto
sayto cmd with player name completion
2015-12-28 09:04:19 -08:00
Tim Angus
7e0dac7517 Fix check for empty rconpassword in CL_Rcon_f 2015-10-04 21:11:35 +01:00
Zack Middleton
b4b68b8e80 Remove logically dead code from CL_GetServerStatus
Found by Coverity.
2015-07-12 21:14:04 -05:00
Jeff Kent
63e6c82f4b fix buffer overflow in CL_CheckForResend 2015-04-18 22:43:47 -05:00
Tim Angus
f83334d81b Add facility to describe cvars 2014-09-26 14:29:51 +01:00
Zack Middleton
0853c85e19 Fix incorrect strncat usage in CL_ServerInfoPacket 2014-08-27 20:35:16 -05:00
Pan7
f62d4c7f1c sayto cmd with player name completion 2014-07-18 00:15:05 +02:00
Zack Middleton
90eb32c5ab Clear referenced paks when disconnecting
After playing Team Arena, if you switch to Q3A and try to play a demo with
cl_allowDownload enabled it would print "Need Paks: blah blah" and not play the demo.
2014-02-08 22:09:30 -06:00
Zack Middleton
52e72408d9 Fix demoName Com_sprintf size larger than buffer
Maybe this is why demoName is a static global with the comment 'compiler bug workaround'?
2014-01-12 16:22:46 -06:00
Ensiform
93be2655f8 Remove unused cvar_t variable cl_trn 2013-11-11 01:09:10 -06:00
Tim Angus
7ae49cc237 Fix video recording sync drift (patch refactored but original author unknown) 2013-11-02 19:11:14 +00:00
Zack Middleton
e0a42885d9 Clear more variables in CL_InitServerInfo
Have cls.localServers use CL_InitServerInfo.
Don't set cls.localServers netType to from.type, it's the wrong value.

Note: server->visible is not cleared in CL_InitServerInfo, as stated by a comment below a place where CL_InitServerInfo is used.
2013-10-28 15:23:01 -05:00
Zack Middleton
4776fb4767 (bug #5984) Unload renderer lib 2013-07-08 16:36:30 -06:00
Zack Middleton
6b13806066 Fix getting servers from and being listed on id's q3 master server
Use q3 master protocol when com_gamename is Quake3Arena (the default), otherwise use dpmaster protocol.
2013-07-07 16:31:36 -05:00
Zack Middleton
2937ac7661 Allow adjusting VoIP gain and mute during SP demo playback 2013-06-04 23:19:47 -05:00
Zack Middleton
b009528e6a Fix displaying demo name when loading demo 2013-03-09 15:58:35 -06:00
Zack Middleton
26b1fcc471 Save all arguments from connect for reconnect command.
Remove unnecessary localhost check from reconnect command.
2012-12-16 19:20:08 +00:00
Zack Middleton
aac23d6934 Fix reconnect command to work after leaving server. (#5794) 2012-12-15 23:33:02 +00:00
Zack Middleton
d79ea2e5cd - Allow changing cl_voip without restarting.
- Fix assert failing in CL_ParseVoip() while flipping cl_voip off and on.
2012-12-14 07:32:07 +00:00
Zack Middleton
10a574e6ed Remove unused function CL_DisconnectPacket. Pointed out by Ensiform. 2012-11-24 20:55:47 +00:00
Zack Middleton
05bc03d32d Remove anti tamper leftover code 'CL_ChangeReliableCommand'. From Ensiform. 2012-11-18 22:12:30 +00:00
Zack Middleton
016b74b633 Fix restoring old fs_game upon leaving a server. Patch by Ensiform. 2012-10-30 16:51:06 +00:00
Zack Middleton
faa0cb04c1 Show reason non-default renderer failed to load. 2012-10-30 07:43:44 +00:00
Zack Middleton
f3e7012bdb REFACTOR [a vs an]
From /dev/humancontroller.
2012-06-18 16:31:16 +00:00
Zack Middleton
88020d5fb8 #5485 - Use Sys_LoadDll to search in the local directory for the fallback default renderer. Patch by Harley Laue. 2012-04-04 17:21:17 +00:00
Zack Middleton
33d66c8034 Added range checks to j_*_axis cvars. 2012-02-15 18:47:50 +00:00
Zack Middleton
91fd58f6e4 Allow analog joystick up axis to be remapped too. 2012-02-15 18:09:24 +00:00
Zack Middleton
d9b72dedc1 Require gamename if not supporting legacy protocol. 2011-09-07 19:38:19 +00:00
Zack Middleton
56f5fedee9 - Only need cl_cURLLib cvar if USE_CURL_DLOPEN is defined.
- Try to load libcurl-4.dll on win32 (it use to be included in the NSIS installer).
2011-08-29 13:57:46 +00:00
Zack Middleton
abe85940ae Disabled getting motd from update server in standalone build. 2011-08-22 20:30:45 +00:00
Thilo Schulz
06628af7c5 Don't do game_restart if game directory changed from "" to "baseq3" or "baseq3" to "" 2011-08-03 00:58:33 +00:00
Thilo Schulz
0bc54ab696 Fix game restart after curl download finished 2011-08-02 23:34:50 +00:00
Thilo Schulz
c21dee0b37 [16:31:51] <ZTurtleMan> Thilo: two small fixes, one for r2112 and one for r2116. http://pastebin.com/raw.php?i=h19r211Z 2011-08-01 14:40:53 +00:00
Thilo Schulz
eb9fe030c4 Batch of bug fixes for gamecode. Patch compiled and log message written by Tobias Kuehnhammer (#5144)
################################################################################
This Patch fixes:
################################################################################

- The "fraglimit warning" was not played at all, if on the blue team.
- The "where" console command was broken.
- Obelisk explosion wasn't drawn if no Rocketlauncher was loaded.
- Impact marks sometimes didn't draw at all.
- IMPORTANT BUGFIX: No killing for cheaters with Lightning gun and Gauntlet.
- If two doors are close to each other a spectator couldn't fly through them.
- More robust, efficient and logical respawning routine.
  NOTE: The game.qvm will get notable smaller and will use LESS MEMORY!
- Drowning sounds are fixed. Now they are played as intended. (as the id
comment
  in the source code shows).
- Some AI bugs (OVERFLOW!) in the bot movement code.
- Several "Team Arena" Overload and Harvester bugs.
- Stops bots from attacking a team mate (player) who only changed teams.
- Some voice chats and CTF commands fixed.
- "Team_ReturnFlag" was called twice, which did wired things sometimes. 
  NOTE: (G_RunItem checks CONTENTS_NODROP already!)
- A bugfix for Gauntlet animation.
- Incorrect CTF scoring.
- A bunch of corrected comments and print lines ("\n").
- Some regularity of expression and some small trivial bugs.

################################################################################
Details:
################################################################################

********************************************************************************
BUG: in gamemode GT_TEAM the fraglimit warning will not be played if joining
the
     blue team!
--------------------------------------------------------------------------------
Solution: In "CG_CheckLocalSounds": if cgs.scores2 > highScore, highScore
should
          be cgs.scores2.
********************************************************************************
BUG: the "where" console command doesn't work as expected (it's always 0 0 0) 
     but not in id Quake 3 Arena. It seems that now Ioquake3 is affected!
--------------------------------------------------------------------------------
Solution: In Function "Cmd_Where_f" ent->s.origin should be 
          ent->r.currentOrigin.
********************************************************************************
BUG: in gamemode GT_OBELISK obelisk explosion won't be drawn if there is no 
     Rocketlauncher loaded. (The "maps without Rocketlauncher" bug)
--------------------------------------------------------------------------------
Solution: in "cg_main.c": cgs.media.rocketExplosionShader should be registered 
          if gamemode is GT_OBELISK.
********************************************************************************
BUG: Impact marks sometimes doesn't draw at all. Not easy to reproduce if you 
     don't play (io)Quake3 every day and know the places where it happens! ;) 
     But anyway...
     Test: start q3dm12 go to "Long Jump Canyon" (where the small platform 
     teleporter for the BFG is) place yourself at the point where the railgun 
     spawns, look in the direction where the red suspended armor is. Now shoot
     at the sloped wall on the out/leftside of the door you see. (the sloped 
     wall should be nearly in the center of your screen now). If you choose the 
     correct brush face and shoot up and down at this brush face, the impact 
     marks sometimes aren't visible.

     There are hundreds of custom maps where this can happen!
--------------------------------------------------------------------------------
Solution: I replaced the function "SnapVectorTowards" with the one from 
         "Wolfenstein - Enemy Territory (GPL Source Code)"
********************************************************************************
BUG: Normally "NOCLIP" cheaters are logically not allowed to fire a gun.
     Unfortunatly the Gauntlet (and Lightning gun) was forgotten and not 
     restricted to that. All weapons except those two were handled correct. 
--------------------------------------------------------------------------------
Solution: Make Gauntlet and Lightning gun not firing for someone who cheats 
          with "NOCLIP" (like all other weapons).
********************************************************************************
NOTE: A few bugfixes are not mine and are reported here: 
      http://www.quake3world.com/forum/viewtopic.php?f=16&t=9179.

      Thanks to Quake3world, for all those years and the good guys there!
********************************************************************************
BUG: During making a mod I found a very strange bug, which mainly occurs if
     someone tries to implement a lot of singleplayer monsters which should
walk
     slowly (like the "Crash" bot). So if someone wants to make slow down bots
     or monsters when they are walking towards a goal and alter the function
     "BotMoveInGoalArea" then the bots/monsters do stupid things. Otherwise and
     this is the default (also buggy) behavior they start running although they
     shouldn't (as seen with the "Crash" bot and will not be fixed here).
--------------------------------------------------------------------------------
Solution: Fix overflow in bot user command. BUGFIX from "Hunt" mod by J. 
          Hoffman.
********************************************************************************
BUG: in function "BotMoveToGoal" the special elevator case doesn't make sense.
--------------------------------------------------------------------------------
Solution: in "be_ai_move.c": ((result->flags & MOVERESULT_ONTOPOF_FUNCBOB) ||
                              (result->flags & MOVERESULT_ONTOPOF_FUNCBOB)) 
                   should be ((result->flags & MOVERESULT_ONTOPOF_ELEVATOR) ||
                              (result->flags & MOVERESULT_ONTOPOF_FUNCBOB)).
********************************************************************************
BUG: in function "BotWantsToRetreat" and "BotWantsToChase" this is wrong:
     "(bs->enemy != redobelisk.entitynum || bs->enemy !=
blueobelisk.entitynum)"
--------------------------------------------------------------------------------
Solution: "... redobelisk.entitynum) && (bs->enemy != blueobelisk.." is
correct.
********************************************************************************
BUG: in gamemode GT_OBELISK there are too many node switches for bots 
     (test: mpq3tourney6 with many bots). If that happens, game becomes 
     unplayable. I don't know if this is the best solution but here it is:
--------------------------------------------------------------------------------
Solution: In function "AINode_Battle_Fight" right after:
if (!BotEntityVisible(bs->entitynum, bs->eye, bs->viewangles, 360, bs->enemy))
{
   I added this: 
#ifdef MISSIONPACK
    if (bs->enemy == redobelisk.entitynum || bs->enemy == 
                                                        blueobelisk.entitynum)
{
    AIEnter_Battle_Chase(bs, "battle fight: obelisk out of sight");
    return qfalse;
    }
#endif
********************************************************************************
BUG: in gamemode >= GT_TEAM, after team change, bots will (sometimes) not stop
     shooting at you, although you are on their team now. It seems that the 
     configstrings are f***** up or not reliable in this case!
--------------------------------------------------------------------------------
Solution: In function "BotTeam" and "BotSameTeam" get the real team values.
********************************************************************************
BUG: Some of the bots voice commands are wrong. They are commanded to attack
the
     enemy base but they say "Okay, I will defend!"
--------------------------------------------------------------------------------
Solution: Corrected some voice commands in "BotCTFOrders_FlagNotAtBase" and
         "Bot1FCTFOrders_EnemyDroppedFlag"
********************************************************************************
BUG: Spectators couldn't fly through doors if they are very close to each
other.
     You can test it with some regular id maps (q3dm14, q3dm12) but there are
     also many custom maps where this can happen! This is annoying because in 
     the worst case you can't move at all and are caught inside a door.
--------------------------------------------------------------------------------
Solution: There is a solution in a mod called "Hunt" by J. Hoffman. 
          Bugfix is included in this patch!
********************************************************************************
BUG: During making a mod I found it very hard to implement some of my ideas
     (something like "Limbo" or "Meeting") because of the way the player spawn
     effect, intermission and spawning on victory pads is handled. I reworked
it
     a bit and simplified it so that the effect is handled when a client      
     respawns
     (as the name says) and not when a client begins. I think this will help 
     more
     mod makers everytime they want to make changes to spawning of players,
bots
     on victory pads or monsters... and want to avoid spectators with 
     Machineguns
     which can kill and score... :()

     NOTE: I also renamed the poorly named function "respawn" 
           to "ClientRespawn". If someone searches the code base for "respawn" 
           it was really hard to find the correct place for what was 
           meant. "respawn" is used so often, that you really get headache ... 
           now with "ClientRespawn" it's easier!

     IMPORTANT: The whole respawning, moving to intermission point and 
                everything related to that is now done in a more reliable way 
                without changing the default behavior. (How critical the whole 
                spwaning mess was did you see by yourself (ioquake3 rev. 2076). 
                With this patch it's safer. 
                Trust me, I spent hours of fixing silly problems...
-------------------------------------------------------------------------------- 
Solution: Simplified "ClientBegin" and moved the teleport event  
          to "ClientSpawn".
********************************************************************************
BUG: If a player is dying or hurted under water the hurt/dying sounds AND the
     drowning sounds are played together. This is silly. Moreover it's no good
     idea to let the server play client sounds! There was a solution in a mod 
     called "Q3A++" by Dan 'Neurobasher' Gomes which fixes the problem.
--------------------------------------------------------------------------------
Solution: Created a "CG_WaterLevel" function to play the appropriate sounds.
********************************************************************************

################################################################################
2011-08-01 11:39:33 +00:00
Thilo Schulz
8ab91bde8e - Fix already defined command warnings for minimize
- Fix recursive CL_Shutdown warning and "command already defined" warnings when quitting while playing on a server that changed the gamedir.
2011-08-01 10:16:40 +00:00