diff options
| author | thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2006-06-01 00:23:46 +0000 |
|---|---|---|
| committer | thilo <thilo@edf5b092-35ff-0310-97b2-ce42778d08ea> | 2006-06-01 00:23:46 +0000 |
| commit | 46841aa463009df7ecf31964a93e2a25aa0259ce (patch) | |
| tree | 64bec42d1ff7d0fbae3294716af707882e73bc4a /code | |
| parent | dbe20c32ad1d8212dbf71c624c8574deac2b224d (diff) | |
| download | ioquake3-aero-46841aa463009df7ecf31964a93e2a25aa0259ce.tar.gz ioquake3-aero-46841aa463009df7ecf31964a93e2a25aa0259ce.zip | |
Forgot to check for windows-style path seperator in precaution against directory traversal abuse.
git-svn-id: svn://svn.icculus.org/quake3/trunk@794 edf5b092-35ff-0310-97b2-ce42778d08ea
Diffstat (limited to 'code')
| -rw-r--r-- | code/client/cl_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/code/client/cl_main.c b/code/client/cl_main.c index da5d116..12b102d 100644 --- a/code/client/cl_main.c +++ b/code/client/cl_main.c @@ -1445,7 +1445,7 @@ void CL_NextDownload(void) { s = localName + strlen(localName); // point at the nul byte // Make sure the server cannot make us write to non-quake3 directories. - if(strstr(localName, "../")) + if(strstr(localName, "../") || strstr(localName, "..\\")) { Com_Error(ERR_DROP, "CL_NextDownload: Invalid download name %s", localName); return; |