My cvar latch system changes prevent the Game VM from changing
g_gametype when the value is out of range due to it being registed in
the engine. It's been pointed out as fragile method of security, which
was still exploitable, by Noah Metzger (Chomenor). It doesn't seem like
this is working out to be a good solution.
The issue of fs_game '..' on server being relicated on client via
systeminfo exploit is still fixed as it's not affected by latch.
There are a few cases from current values of fs_game are used which
ideally should use fs_gamedir char array which has been validated.
Revert "Don't let VMs change engine latch cvars immediately"
Partially revert "Fix fs_game '..' reading outside of home and base path"
Revert "Fix VMs forcing engine latch cvar to update to latched value"
VMs could set fs_game to '..' at anytime to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.
'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.
I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.
Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take affect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.
This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in serveral other places).
Reported by Noah Metzger (Chomenor).
ioquake3.x86_64.exe can't load x86 OpenAL32.dll. Using separate
library names allows shipping OpenAL for both architectures.
Though since the dll name is saved in the config file, using both
clients on the same computer will cause one client arch to always
try to load the wrong OpenAL dll and then fallback to the correct
default OpenAL dll. I guess it could be fixed by using separate
cvar names for s_alDriver.
Setting cl_renderer isn't a security concern and valid behavior for
a menu to provide. Sys_LoadDLL ensures only libries are loaded and
engine prevents QVMs from writing them.
This commit fixes the vanilla Q3 UI VMs not displaying a server list
when id Software's master server is down.
Originally master 0 for the globalservers command was Internet and
master 1 was MPlayer (defunct). In 2008 ioquake3 changed it so that
master 0 to 4 were five separate master servers with no affect on
original Quake3/Team Arena UI VMs; they continued to get the server
list from master.quake3arena.com.
id Software's master server (master.quake3arena.com) goes down
occasionally. Using ioq3's UI VM additional master servers can be
accessed but players using the original UI VMs are unable to get a
server list.
In order to fix the original UI VMs in Quake3/Team Arena's pk3s this
commit makes 'globalservers 0' fetch all master servers. So players
get a combined list of id Software's and ioquake3's master list. Or
just ioquake3's list if id Software's master is down.
Getting lists from individual master servers using globalservers has
changed from 0 through 4 to 1 through 5 to accommodate using 0 for
other purposes. This commit modifies ioq3's UI code to support the new
values for globalservers command.
A side affect of these changes is that UI VMs based on ioq3 since 2008
will have Internet1 fetch all master servers and Internet2 request
sv_master1 instead of sv_master2 and so on. It may be worth noting that
getting server list from masters 3-5 could not be done using ioq3's UI
before 2011.
The player column in Team Arena UI lists clients and max clients
in format of "clients [maxclients]". When sorting by clients the
max clients is ignored which results in player column being
disorganized.
When servers have the same number of clients, sort based on max
clients. Otherwise client sort is sub-sorted based on order of
getinfo responses (ping).
Save argument instead of using a pointer to cmd token memory that
might be overwritten when Cmd_TokenizeString() is called.
No known method for causing the issue without engine changes.
Cmd_TokenizeString() is called by FS_PureServerSetReferencedPaks()
in CL_Disconnect() but it's not an issue because the string is
blank.
Thanks @mickael9.
Given an array b[] of length n, pointers to &b[0]..&b[n] are defined
(where only &b[0]..&b[n-1] can be validly dereferenced). &b[-1], or
equivalently b-1, is not something we can use in valid Standard C.
gcc 6 diagnoses this as:
code/client/snd_wavelet.c:33:9: warning: array subscript is below array bounds [-Warray-bounds]
and might take this undefined behaviour as permission to emit
"more efficient" object code that is not what the author expected,
for example nothing at all. Use a macro to fake a 1-based array instead.
At the end of CL_RunCinematic, RoQShutdown sets currentHandle to -1.
This causes the return at the end to be return cinTable[-1].status.
Use return FMV_EOF when RoQShutdown is called.
I think FMV_EOF should be returned instead of FMV_IDLE which is set in
RoQShutdown because RoQShutdown is clearing out state so it can be reused
for a new cinematic.
The return value isn't actually read by the ioq3 client, renderers,
cgame, or ui.
Server/client VoIP protocol is handled by adding new cvars
cl_voipProtocol and sv_voipProtocol, sv_voip and cl_voip
are used to auto set/clear them. All users need to touch
are cl/sv_voip as 0 or 1 just like before.
Old Speex VoIP packets in demos are skipped.
New VoIP packets are skipped in demos if sv_voipProtocol
doesn't match cl_voipProtocol.
Notable difference between usage of speex and opus codecs,
when using Speex client would be sent 80ms at a time.
Using Opus, 60ms is sent at a time. This was changed because
the Opus codec supports encoding up to 60ms at a time.
(Simpler to send only one codec frame in a packet.)