ubergames/lilium-voyager
0
0
Fork 0
mirror of https://github.com/UberGames/lilium-voyager.git synced 2024-11-10 06:31:47 +00:00
Code Issues Projects Releases Packages Wiki Activity

Check for all command separators in callTeamVote

Browse source 
Make callTeamVote check for all command separators like in callVote.
It's not exploitable as the only vote option (leader) always uses an
integer argument.

Also the ioquake3 engine remove command separators from client game
commands in Cmd_Args_Sanitize().
This commit is contained in:
Zack Middleton 2017-08-09 18:27:39 -05:00
parent 0bce5463f7
commit f0b74a27c9
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
code/game/g_cmds.c
View file

@ -1489,9 +1489,16 @@ void Cmd_CallTeamVote_f( gentity_t *ent ) {
trap_Argv( i, &arg2[strlen(arg2)], sizeof( arg2 ) - strlen(arg2) );
}
if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
return;
// check for command separators in arg2
for( c = arg2; *c; ++c) {
switch(*c) {
case '\n':
case '\r':
case ';':
trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
return;
break;
}
}
if ( !Q_stricmp( arg1, "leader" ) ) {