author | thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2006-06-16 20:38:08 +0000 |
---|---|---|
committer | thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2006-06-16 20:38:08 +0000 |
commit | 3289134ae36f4389fe8f5c229f79617fab27cd0f (patch) | |
tree | 92c8d40977df11bfb04668a3ec59bbdb38f2a040 /code/client | |
parent | 1bf90e5ce6b77e61ea5ce01172f14d0916b27a1c (diff) | |
- Fix bug that allows a malicious server to write and overwrite any files in the quake3 directory.
Reported by Luigi Auriemma.
- Moved directory traversal check to a more appropriate location.
- Added a few sanity checks for checksum/pakname storage to fix a crash that can occur under certain circumstances.
git-svn-id: svn://svn.icculus.org/quake3/trunk@804 edf5b092-35ff-0310-97b2-ce42778d08ea
Diffstat (limited to 'code/client')
-rw-r--r-- | code/client/cl_main.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/code/client/cl_main.c b/code/client/cl_main.c
index 12b102d..a2b93b9 100644
--- a/code/client/cl_main.c
+++ b/code/client/cl_main.c
@@ -1444,13 +1444,6 @@ void CL_NextDownload(void) {
 else s = localName + strlen(localName); // point at the nul byte
- // Make sure the server cannot make us write to non-quake3 directories.
- if(strstr(localName, "../") || strstr(localName, "..\\"))
- {
- Com_Error(ERR_DROP, "CL_NextDownload: Invalid download name %s", localName);
- return;
- }
-
 CL_BeginDownload( localName, remoteName );
 clc.downloadRestart = qtrue; |
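Review bot: After this hunk, `localName` reaches `CL_BeginDownload( localName, remoteName )` with no validation visible in CL_NextDownload, although the removed comment treats it as server-controlled. The description says the traversal check was moved, but the diffstat is limited to code/client, so the new location cannot be confirmed from this page. I would add a comment at the call site so a later reader does not assume the name is already safe: `// localName is server-controlled; traversal is rejected in <relocated check, not shown on this page>`. Wherever the check now lives, it should still reject both `../` and `..\\` as the removed lines did, and it should run before any file is created or opened. CL_NextDownload's body starts and ends outside the hunk.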