authorthilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea>2006-05-08 19:53:41 +0000
committerthilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea>2006-05-08 19:53:41 +0000
commitcdda65c3ad30d7a01e75f18a7a470bc8cbb3a6b6 (patch)
tree3a91e92eecea6bcf3b4533a6687efa0b3e781beb /code/qcommon
parentd859dca57dd0da983b50dba748f56a60216cc3a8 (diff)
Fix bug that permits download of arbitrary files from a download-enabled server by checking the requested file name against the list of loaded pk3 files. See CVE-2006-2082.
git-svn-id: svn://svn.icculus.org/quake3/trunk@777 edf5b092-35ff-0310-97b2-ce42778d08ea
Diffstat (limited to 'code/qcommon')
-rw-r--r--code/qcommon/files.c9
1 files changed, 1 insertions, 8 deletions
diff --git a/code/qcommon/files.c b/code/qcommon/files.c
index 13b8a25..31b9b66 100644
--- a/code/qcommon/files.c
+++ b/code/qcommon/files.c
@@ -2556,16 +2556,9 @@ FS_idPak
*/
qboolean FS_idPak( char *pak, char *base ) {
int i;
- char pakbuf[MAX_QPATH], *pakptr;
-
- // Chop off filename extension if necessary.
- Com_sprintf(pakbuf, sizeof(pakbuf), "%s", pak);
- pakptr = Q_strrchr(pakbuf, '.');
- if(pakptr)
- *pakptr = '\0';
for (i = 0; i < NUM_ID_PAKS; i++) {
- if ( !FS_FilenameCompare(pakbuf, va("%s/pak%d", base, i)) ) {
+ if ( !FS_FilenameCompare(pak, va("%s/pak%d", base, i)) ) {
break;
}
}
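Review bot: With the extension stripping removed, `FS_idPak` compares `pak` verbatim against `va("%s/pak%d", base, i)`, so a name that still carries `.pk3` never matches an id pak, and nothing in the function says callers must pass the extensionless form. The callers are not visible in this diff (it is limited to code/qcommon), but any of them that uses this check to refuse serving the original id paks now has to strip the extension itself before calling, otherwise the check silently passes. I would document that contract in the function's header comment, e.g. `// pak must be given without the ".pk3" extension; a name with an extension never matches`. The body of FS_idPak continues past the end of this hunk.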