oops... fixed a security issue with expanding aliases
authordivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Sun, 6 Jan 2008 22:23:39 +0000 (22:23 +0000)
committerdivverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Sun, 6 Jan 2008 22:23:39 +0000 (22:23 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7929 d7cf8633-e32d-0410-b094-e92efae38249

netconn.c

index 587cdbadece423795aafdd6013110e4d472404b2..ab96c23f0eb49a27df8c4ecdfa528837bf29e1c0 100755 (executable)
--- a/netconn.c
+++ b/netconn.c
@@ -1972,6 +1972,10 @@ qboolean RCon_Authenticate(const char *password, const char *s, const char *endp
        if(strcmp(rcon_restricted_password.string, password))
                return false;
 
+       for(text = s; text != endpos; ++text)
+               if(*text > 0 && *text < ' ' || *text == ';')
+                       return false; // block possible exploits against the parser/alias expansion
+
        while(s != endpos)
        {
                size_t l = strlen(s);
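Review bot: The added condition `*text > 0 && *text < ' ' || *text == ';'` mixes `&&` and `||` without parentheses and relies on `*text > 0` to exempt both NUL and, where `char` is signed, bytes above 0x7f; writing it as `if((*text != 0 && (unsigned char)*text < ' ') || *text == ';')` keeps the same accept/reject set without depending on `char` signedness. The trailing comment does not say which characters are rejected or why NUL passes (the `strlen(s)` walk that follows suggests the buffer holds NUL-delimited entries), and the next hunk drops the old `THIS MUST MATCH Cmd_TokenizeString` reminder. I would put a comment above the loop such as `// reject ';' and control bytes (incl. \r, \n) before any tokenizing; NUL only delimits entries; must cover every separator Cmd_TokenizeString honours`. Whether that set is complete for the parser cannot be checked from this hunk. RCon_Authenticate starts before and continues past the lines shown.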
@@ -1979,26 +1983,6 @@ qboolean RCon_Authenticate(const char *password, const char *s, const char *endp
                {
                        text = s;
 
-                       // THIS MUST MATCH Cmd_TokenizeString FOR SECURITY REASONS
-                       while (*text && *text <= ' ' && *text != '\r' && *text != '\n')
-                               text++;
-
-                       // line endings:
-                       // UNIX: \n
-                       // Mac: \r
-                       // Windows: \r\n
-                       if (*text == '\n' || *text == '\r')
-                       {
-                               // a newline separates commands in the buffer
-                               if (*text == '\r' && text[1] == '\n')
-                                       text++;
-                               text++;
-                               return false;
-                       }
-
-                       if (!*text)
-                               return false;
-
                        if (!COM_ParseToken_Console(&text))
                                return false;