From cdf1cba1060a0ccb50597fc19c064caf3a5d72af Mon Sep 17 00:00:00 2001
From: Yamagi <yamagi@yamagi.org>
Date: Fri, 20 Dec 2024 15:24:27 +0100
Subject: [PATCH] Correct `strncmp()` checks in download code.

Reported by @m-x-d, closes #1167.
---
 src/server/sv_user.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/server/sv_user.c b/src/server/sv_user.c
index b4efe79e..8ef6f655 100644
--- a/src/server/sv_user.c
+++ b/src/server/sv_user.c
@@ -314,13 +314,13 @@ SV_BeginDownload_f(void)
 		/* leading slash bad as well, must be in subdir */
 		|| (*name == '/')
 		/* next up, skin check */
-		|| ((strncmp(name, "players/", 6) == 0) && !allow_download_players->value)
+		|| ((strncmp(name, "players/", 8) == 0) && !allow_download_players->value)
 		/* now models */
-		|| ((strncmp(name, "models/", 6) == 0) && !allow_download_models->value)
+		|| ((strncmp(name, "models/", 7) == 0) && !allow_download_models->value)
 		/* now sounds */
 		|| ((strncmp(name, "sound/", 6) == 0) && !allow_download_sounds->value)
 		/* now maps (note special case for maps, must not be in pak) */
-		|| ((strncmp(name, "maps/", 6) == 0) && !allow_download_maps->value)
+		|| ((strncmp(name, "maps/", 5) == 0) && !allow_download_maps->value)
 		/* MUST be in a subdirectory */
 		|| !strstr(name, "/"))
 	{