diff --git a/src/client/cl_download.c b/src/client/cl_download.c index 72ebc3a1..fbd3e9ed 100644 --- a/src/client/cl_download.c +++ b/src/client/cl_download.c @@ -445,9 +445,11 @@ CL_CheckOrDownloadFile(char *filename) char name[MAX_OSPATH]; char *ptr; + // FIXME: we should probably also forbid paths starting with '/' or '\\' or "C:\" + // (or any other drive name) because in the end FS_LoadFile() will fallback to fopen()! if (strstr(filename, "..")) { - Com_Printf("Refusing to download a path with ..\n"); + Com_Printf("Refusing to download a path with ..: %s\n", filename); return true; } diff --git a/src/client/header/client.h b/src/client/header/client.h index 2735a9d7..9a3195d0 100644 --- a/src/client/header/client.h +++ b/src/client/header/client.h @@ -221,7 +221,7 @@ typedef struct /* > cls.disable_servercount, clear disable_screen */ /* connection information */ - char servername[MAX_OSPATH]; /* name of server from original connect */ + char servername[256]; /* name of server from original connect */ float connect_time; /* for connection retransmits */ int quakePort; /* a 16 bit value that allows quake servers */ diff --git a/src/common/header/shared.h b/src/common/header/shared.h index 70b551cd..df8dbd03 100644 --- a/src/common/header/shared.h +++ b/src/common/header/shared.h @@ -64,10 +64,24 @@ typedef unsigned char byte; #define MAX_QPATH 64 /* max length of a quake game pathname */ +/* + * DG: For some stupid reason, SV_WriteServerFile() and SV_ReadeServerFile() used + * MAX_OSPATH as buffer length for CVAR_LATCH CVARS and saved the whole buffer + * into $game/save/current/server.ssv, so changing MAX_OSPATH breaks savegames... + * Unfortunately, for some other fucking reason MAX_OSPATH was 128 for non-Windows + * which is just horrible.. so I introduced LATCH_CVAR_SAVELENGTH with the stupid + * values so I could bump MAX_OSPATH. + * TODO: whenever you break savegame compatibility next, make + * LATCH_CVAR_SAVELENGTH system-independent (or remove it and hardcode a + * sensible value in the two functions) + */ + #ifdef _WIN32 #define MAX_OSPATH 256 /* max length of a filesystem pathname (same as MAX_PATH) */ + #define LATCH_CVAR_SAVELENGTH 256 #else - #define MAX_OSPATH 128 /* max length of a filesystem pathname */ + #define MAX_OSPATH 4096 /* max length of a filesystem pathname */ + #define LATCH_CVAR_SAVELENGTH 128 #endif /* per-level limits */ diff --git a/src/server/sv_save.c b/src/server/sv_save.c index 2e01164b..fabd9f4a 100644 --- a/src/server/sv_save.c +++ b/src/server/sv_save.c @@ -262,23 +262,23 @@ SV_WriteServerFile(qboolean autosave) skill, deathmatch, etc */ for (var = cvar_vars; var; var = var->next) { + char cvarname[LATCH_CVAR_SAVELENGTH] = {0}; if (!(var->flags & CVAR_LATCH)) { continue; } - if ((strlen(var->name) >= sizeof(name) - 1) || + if ((strlen(var->name) >= sizeof(cvarname) - 1) || (strlen(var->string) >= sizeof(string) - 1)) { Com_Printf("Cvar too long: %s = %s\n", var->name, var->string); continue; } - memset(name, 0, sizeof(name)); memset(string, 0, sizeof(string)); - strcpy(name, var->name); + strcpy(cvarname, var->name); strcpy(string, var->string); - fwrite(name, 1, sizeof(name), f); + fwrite(cvarname, 1, sizeof(cvarname), f); fwrite(string, 1, sizeof(string), f); } @@ -319,14 +319,15 @@ SV_ReadServerFile(void) coop, skill, deathmatch, etc */ while (1) { - if (!FS_FRead(name, 1, sizeof(name), f)) + char cvarname[LATCH_CVAR_SAVELENGTH] = {0}; + if (!FS_FRead(cvarname, 1, sizeof(cvarname), f)) { break; } FS_Read(string, sizeof(string), f); - Com_DPrintf("Set %s = %s\n", name, string); - Cvar_ForceSet(name, string); + Com_DPrintf("Set %s = %s\n", cvarname, string); + Cvar_ForceSet(cvarname, string); } FS_FCloseFile(f);