clear the rcon password on "connect" command or QW-style reconnect, to prevent stuffc...

author divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>

Thu, 9 Apr 2009 07:59:14 +0000 (07:59 +0000)

committer divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>

Thu, 9 Apr 2009 07:59:14 +0000 (07:59 +0000)
author divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Thu, 9 Apr 2009 07:59:14 +0000 (07:59 +0000)
committer divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Thu, 9 Apr 2009 07:59:14 +0000 (07:59 +0000)
diff --git a/host_cmd.c b/host_cmd.c

index 76807ce6b33c3d83016592d71f1656a5551f2179..6c051d9f0f8c0e83cc9715560619d9c83d2a8a1d 100644 (file)
--- a/host_cmd.c
+++ b/host_cmd.c
@@ -473,7 +473,11 @@ void Host_Reconnect_f (void)
                 // will still contain its IP address, so get the address...
                 InfoString_GetValue(cls.userinfo, "*ip", temp, sizeof(temp));
                 if (temp[0])
+               {
+                       // clear the rcon password, to prevent vulnerability by stuffcmd-ing a setinfo command to change *ip, then reconnect
+                       Cvar_SetQuick(&rcon_password, "");
                         CL_EstablishConnection(temp);
+               }
                 else
                         Con_Printf("Reconnect to what server?  (you have not connected to a server yet)\n");
                 return;
@@ -525,6 +529,8 @@ void Host_Connect_f (void)
                 Con_Print("connect <serveraddress> : connect to a multiplayer game\n");
                 return;
         }
+       // clear the rcon password, to prevent vulnerability by stuffcmd-ing a connect command
+       Cvar_SetQuick(&rcon_password, "");
         CL_EstablishConnection(Cmd_Argv(1));
  }
author	divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
	Thu, 9 Apr 2009 07:59:14 +0000 (07:59 +0000)
committer	divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
	Thu, 9 Apr 2009 07:59:14 +0000 (07:59 +0000)