From 5a185ff7f6ea49ae7983811d9564f4d190a47914 Mon Sep 17 00:00:00 2001 From: divverent Date: Sun, 18 Oct 2009 19:53:06 +0000 Subject: [PATCH] clean up rcon_secure checks git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@9350 d7cf8633-e32d-0410-b094-e92efae38249 --- cvar.c | 2 +- host_cmd.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cvar.c b/cvar.c index 3db048c0..822f6e5e 100644 --- a/cvar.c +++ b/cvar.c @@ -299,7 +299,7 @@ void Cvar_SetQuick_Internal (cvar_t *var, const char *value) // whenever rcon_secure is changed to 0, clear rcon_password for // security reasons (prevents a send-rcon-password-as-plaintext // attack based on NQ protocol session takeover and svc_stufftext) - if(!var->integer) + if(var->integer <= 0) Cvar_Set("rcon_password", ""); } else if (!strcmp(var->name, "net_slist_favorites")) diff --git a/host_cmd.c b/host_cmd.c index 5c1f0969..620c1e44 100644 --- a/host_cmd.c +++ b/host_cmd.c @@ -514,7 +514,7 @@ void Host_Connect_f (void) return; } // clear the rcon password, to prevent vulnerability by stuffcmd-ing a connect command - if(!rcon_secure.integer) + if(rcon_secure.integer <= 0) Cvar_SetQuick(&rcon_password, ""); CL_EstablishConnection(Cmd_Argv(1)); } @@ -2349,7 +2349,7 @@ void Host_PQRcon_f (void) lhnetsocket_t *mysocket; char peer_address[64]; - if (!rcon_password.string || !rcon_password.string[0] || rcon_secure.integer) + if (!rcon_password.string || !rcon_password.string[0] || rcon_secure.integer > 0) { Con_Printf ("You must set rcon_password before issuing an pqrcon command, and rcon_secure must be 0.\n"); return; @@ -2462,7 +2462,7 @@ void Host_Rcon_f (void) // credit: taken from QuakeWorld cls.rcon_timeout[cls.rcon_ringpos] = realtime + rcon_secure_challengetimeout.value; cls.rcon_ringpos = (cls.rcon_ringpos + 1) % MAX_RCONS; } - else if(rcon_secure.integer) + else if(rcon_secure.integer > 0) { char buf[1500]; char argbuf[1500]; -- 2.39.2