From 7f5c1fd5b6ae8026c2a48781c0aac42c33371f84 Mon Sep 17 00:00:00 2001 From: divverent Date: Wed, 9 Jan 2008 11:28:22 +0000 Subject: [PATCH] remove prvm_boundscheck cvar (security hole) and force bounds check on unless DP is compiled with -DPRVM_BOUNDSCHECK_CVAR (for those who REALLY want to be able to turn it off) git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7940 d7cf8633-e32d-0410-b094-e92efae38249 --- prvm_edict.c | 4 ++++ prvm_exec.c | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/prvm_edict.c b/prvm_edict.c index f752f9e7..38062060 100644 --- a/prvm_edict.c +++ b/prvm_edict.c @@ -32,7 +32,9 @@ ddef_t *PRVM_ED_FieldAtOfs(int ofs); qboolean PRVM_ED_ParseEpair(prvm_edict_t *ent, ddef_t *key, const char *s); // LordHavoc: optional runtime bounds checking (speed drain, but worth it for security, on by default - breaks most QCCX features (used by CRMod and others)) +#ifdef PRVM_BOUNDSCHECK_CVAR cvar_t prvm_boundscheck = {0, "prvm_boundscheck", "1", "enables detection of out of bounds memory access in the QuakeC code being run (in other words, prevents really exceedingly bad QuakeC code from doing nasty things to your computer)"}; +#endif // LordHavoc: prints every opcode as it executes - warning: this is significant spew cvar_t prvm_traceqc = {0, "prvm_traceqc", "0", "prints every QuakeC statement as it is executed (only for really thorough debugging!)"}; // LordHavoc: counts usage of each QuakeC statement @@ -2040,7 +2042,9 @@ void PRVM_Init (void) Cmd_AddCommand ("menu_cmd", PRVM_GameCommand_Menu_f, "calls the menu QC function GameCommand with the supplied string as argument"); Cmd_AddCommand ("sv_cmd", PRVM_GameCommand_Server_f, "calls the server QC function GameCommand with the supplied string as argument"); // LordHavoc: optional runtime bounds checking (speed drain, but worth it for security, on by default - breaks most QCCX features (used by CRMod and others)) +#ifdef PRVM_BOUNDSCHECK_CVAR Cvar_RegisterVariable (&prvm_boundscheck); +#endif Cvar_RegisterVariable (&prvm_traceqc); Cvar_RegisterVariable (&prvm_statementprofiling); Cvar_RegisterVariable (&prvm_backtraceforwarnings); diff --git a/prvm_exec.c b/prvm_exec.c index 80287cab..a14c17d3 100644 --- a/prvm_exec.c +++ b/prvm_exec.c @@ -545,7 +545,9 @@ PRVM_ExecuteProgram #define OPA ((prvm_eval_t *)&prog->globals.generic[(unsigned short) st->a]) #define OPB ((prvm_eval_t *)&prog->globals.generic[(unsigned short) st->b]) #define OPC ((prvm_eval_t *)&prog->globals.generic[(unsigned short) st->c]) +#ifdef PRVM_BOUNDSCHECK_CVAR extern cvar_t prvm_boundscheck; +#endif extern cvar_t prvm_traceqc; extern cvar_t prvm_statementprofiling; extern sizebuf_t vm_tempstringsbuf; @@ -594,7 +596,9 @@ chooseexecprogram: if (prvm_statementprofiling.integer) { #define PRVMSTATEMENTPROFILING 1 +#ifdef PRVM_BOUNDSCHECK_CVAR if (prvm_boundscheck.integer) +#endif { #define PRVMBOUNDSCHECK 1 if (prog->trace) @@ -609,6 +613,7 @@ chooseexecprogram: } #undef PRVMBOUNDSCHECK } +#ifdef PRVM_BOUNDSCHECK_CVAR else { if (prog->trace) @@ -622,11 +627,14 @@ chooseexecprogram: #include "prvm_execprogram.h" } } +#endif #undef PRVMSTATEMENTPROFILING } else { +#ifdef PRVM_BOUNDSCHECK_CVAR if (prvm_boundscheck.integer) +#endif { #define PRVMBOUNDSCHECK 1 if (prog->trace) @@ -641,6 +649,7 @@ chooseexecprogram: } #undef PRVMBOUNDSCHECK } +#ifdef PRVM_BOUNDSCHECK_CVAR else { if (prog->trace) @@ -654,6 +663,7 @@ chooseexecprogram: #include "prvm_execprogram.h" } } +#endif } cleanup: -- 2.39.2