lilium-voyager/code/client
Zack Middleton 3638f69dff Fix fs_game '..' reading outside of home and base path
VMs could set fs_game to '..' at any time to access files outside of home
and base path. fs_game sent by server to clients could also be '..' to
access files outside of home and base path.

'..' was not caught by FS_CheckDirTraversal() as it expects filenames
not a single directory.

I've made fs_game be latched to prevent VMs from changing it with no
good way to validate it before it's used. com_basegame and fs_basegame
are now latched as well.

Additionally, it's now possible to change com_basegame while the engine
is running. game_restart or vid_restart will make it take effect.
com_homepath is now CVAR_PROTECTED to prevent VMs from changing it
to a directory traversal.

This requires my two previous commits for preventing VMs from changing
engine latch cvars and only Cvar_Get fs_game in FS_Startup (so CVAR_INIT
isn't added in several other places).

Reported by Noah Metzger (Chomenor).
2018-01-21 06:02:28 -06:00
..
cl_avi.c Remove unused function WRITE_1BYTES from cl_avi.c 2015-06-28 17:55:51 -05:00
cl_cgame.c Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
cl_cin.c Fix misleading-indentation warnings in cl_cin.c 2017-07-09 14:01:41 -05:00
cl_console.c Add con_autochat and con_autoclear cvars 2017-06-08 15:46:19 -05:00
cl_curl.c Only allow safe protocols for cURL downloads 2017-08-15 21:47:27 -05:00
cl_curl.h Update internal curl to 7.54.0 2017-07-28 16:32:22 +01:00
cl_input.c Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
cl_keys.c Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
cl_main.c Fix fs_game '..' reading outside of home and base path 2018-01-21 06:02:28 -06:00
cl_net_chan.c - Improve snapshot rate and data rate control 2011-07-13 17:11:30 +00:00
cl_parse.c Fix fs_game '..' reading outside of home and base path 2018-01-21 06:02:28 -06:00
cl_scrn.c don't clear screen during CA_LOADING and CA_PRIMED 2014-01-23 13:44:36 -08:00
cl_ui.c Don't register fs_game cvar everywhere just to get the value 2018-01-21 06:02:08 -06:00
client.h Only allow connectionless print/echo from server/rcon address 2017-06-10 19:15:26 -05:00
keycodes.h Better gamepad support. 2016-08-08 02:36:10 -07:00
keys.h * Don't apply colour escape chars on input fields 2007-09-21 10:35:24 +00:00
libmumblelink.c Ensure that mbstowcs does not overflow its buffer 2015-01-07 23:37:11 +00:00
libmumblelink.h update mumble link interface for version 1.2 2010-01-04 14:12:18 +00:00
qal.c Remove references to alDopplerVelocity 2014-02-22 18:06:04 -06:00
qal.h Fix Makefile for OSX 2016-06-12 17:17:33 -04:00
snd_adpcm.c Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
snd_codec.c Add Ogg Opus support 2013-02-17 18:32:05 -06:00
snd_codec.h Add Ogg Opus support 2013-02-17 18:32:05 -06:00
snd_codec_ogg.c Support FS_SEEK_END and negative offset for zipped files in FS_Seek 2013-11-08 18:43:34 -06:00
snd_codec_opus.c Support FS_SEEK_END and negative offset for zipped files in FS_Seek 2013-11-08 18:43:34 -06:00
snd_codec_wav.c Bug 5094 - Code cleanup, patch by Zack Middleton and DevHC. Fixes unused-but-set gcc warnings 2011-07-29 12:27:00 +00:00
snd_dma.c Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
snd_local.h Fix playback of stereo sounds in Base sound system 2013-12-15 00:23:10 -06:00
snd_main.c Remove unneeded name buffer in S_Play_f. 2012-11-18 23:30:26 +00:00
snd_mem.c reset samplefrac to 8-bits, to prevent overflow 2016-10-07 01:21:15 +03:30
snd_mix.c Correct spelling mistakes. 2017-11-22 01:40:20 -06:00
snd_openal.c Make client for Windows x86_64 use OpenAL64.dll by default 2017-09-04 20:34:55 -05:00
snd_public.h REFACTOR [reletive -> relative] 2012-06-18 16:32:03 +00:00
snd_wavelet.c snd_wavelet: avoid undefined pointer below array bounds 2016-09-25 17:13:40 +01:00