From: divverent <divverent@d7cf8633-e32d-0410-b094-e92efae38249>
Date: Sun, 6 Jan 2008 22:23:39 +0000 (+0000)
Subject: oops... fixed a security issue with expanding aliases
X-Git-Tag: xonotic-v0.1.0preview~2577
X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=2a00971f816fb8d71cb69a4982ec69616f649353;p=xonotic%2Fdarkplaces.git

oops... fixed a security issue with expanding aliases


git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7929 d7cf8633-e32d-0410-b094-e92efae38249
---

diff --git a/netconn.c b/netconn.c
index 587cdbad..ab96c23f 100755
--- a/netconn.c
+++ b/netconn.c
@@ -1972,6 +1972,10 @@ qboolean RCon_Authenticate(const char *password, const char *s, const char *endp
 	if(strcmp(rcon_restricted_password.string, password))
 		return false;
 
+	for(text = s; text != endpos; ++text)
+		if(*text > 0 && *text < ' ' || *text == ';')
+			return false; // block possible exploits against the parser/alias expansion
+
 	while(s != endpos)
 	{
 		size_t l = strlen(s);
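Review bot: The added `if` line mixes `&&` and `||` without parentheses and sits unbraced under an unbraced `for`; it parses as intended, but in a security filter the grouping should be explicit: `if((*text > 0 && *text < ' ') || *text == ';')`. The `*text > 0` test also deserves a short comment, because it deliberately lets NUL through (the `strlen(s)` loop below walks NUL-separated strings up to `endpos`), and bytes above 0x7F pass the filter whether plain `char` is signed or not. The second hunk drops the hand-written mirror of the tokenizer together with its `THIS MUST MATCH Cmd_TokenizeString` warning, so I would carry that dependency over to this loop, e.g. `// deny-list: must cover every character Cmd_TokenizeString or alias expansion treats as a command separator`. Whether control characters and `;` are the complete set cannot be confirmed from this hunk, and the body of RCon_Authenticate starts and ends outside it.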
@@ -1979,26 +1983,6 @@ qboolean RCon_Authenticate(const char *password, const char *s, const char *endp
 		{
 			text = s;
 
-			// THIS MUST MATCH Cmd_TokenizeString FOR SECURITY REASONS
-			while (*text && *text <= ' ' && *text != '\r' && *text != '\n')
-				text++;
-
-			// line endings:
-			// UNIX: \n
-			// Mac: \r
-			// Windows: \r\n
-			if (*text == '\n' || *text == '\r')
-			{
-				// a newline separates commands in the buffer
-				if (*text == '\r' && text[1] == '\n')
-					text++;
-				text++;
-				return false;
-			}
-
-			if (!*text)
-				return false;
-
 			if (!COM_ParseToken_Console(&text))
 				return false;