From: divverent
Date: Thu, 9 Apr 2009 07:59:14 +0000 (+0000)
Subject: clear the rcon password on "connect" command or QW-style reconnect, to prevent stuffc...
X-Git-Tag: xonotic-v0.1.0preview~1722
X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=78f404d63112abc53eac617c3b7ace1dec050ab2;p=xonotic%2Fdarkplaces.git
clear the rcon password on "connect" command or QW-style reconnect, to prevent stuffcmd based vulnerabilities that could expose the rcon password
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@8888 d7cf8633-e32d-0410-b094-e92efae38249
---
diff --git a/host_cmd.c b/host_cmd.c
index 76807ce6..6c051d9f 100644
--- a/host_cmd.c
+++ b/host_cmd.c
@@ -473,7 +473,11 @@ void Host_Reconnect_f (void)
 // will still contain its IP address, so get the address...
 InfoString_GetValue(cls.userinfo, "*ip", temp, sizeof(temp));
 if (temp[0])
+ {
+ // clear the rcon password, to prevent vulnerability by stuffcmd-ing a setinfo command to change *ip, then reconnect
+ Cvar_SetQuick(&rcon_password, "");
 CL_EstablishConnection(temp);
+ }
 else
 Con_Printf("Reconnect to what server? (you have not connected to a server yet)\n");
 return;
@@ -525,6 +529,8 @@ void Host_Connect_f (void)
 Con_Print("connect : connect to a multiplayer game\n");
 return;
 }
+ // clear the rcon password, to prevent vulnerability by stuffcmd-ing a connect command
+ Cvar_SetQuick(&rcon_password, "");
 CL_EstablishConnection(Cmd_Argv(1));
 }
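Review bot: The password is cleared at this call site rather than inside `CL_EstablishConnection`, so any other caller of that function (none are visible in this diff) would still connect with `rcon_password` intact; the `Host_Connect_f` hunk repeats the same pattern. If every connection attempt should drop the password, moving `Cvar_SetQuick(&rcon_password, "");` into `CL_EstablishConnection` would cover all callers at once; if some callers must keep it, a comment there naming them and the reason would help. Only the not-connected branch of `Host_Reconnect_f` is visible and the function continues outside the hunk, so whether the connected-path reconnect needs the same treatment cannot be judged from this page.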
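Review bot: `rcon_password` is wiped silently on every `connect`, including one the user typed, so an admin with a configured password gets no indication why later rcon commands are rejected. A short console notice when a non-empty value is dropped would make this visible, for example `if (rcon_password.string[0]) Con_Print("rcon_password cleared on connect\n");` placed before the `Cvar_SetQuick` call. The added comment could also state the trust boundary directly, e.g. `// the connect target may come from server-sent (stuffcmd) text, so never carry rcon_password over to it`. `Host_Connect_f` starts outside the hunk.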