From cdda65c3ad30d7a01e75f18a7a470bc8cbb3a6b6 Mon Sep 17 00:00:00 2001
From: thilo
Date: Mon, 8 May 2006 19:53:41 +0000
Subject: Fix bug that permits download of arbitrary files from a download enabled server by checking requested file name against the list of loaded pk3 files. See CVE-2006-2082
git-svn-id: svn://svn.icculus.org/quake3/trunk@777 edf5b092-35ff-0310-97b2-ce42778d08ea
---
 code/qcommon/files.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
(limited to 'code/qcommon/files.c')
diff --git a/code/qcommon/files.c b/code/qcommon/files.c
index 13b8a25..31b9b66 100644
--- a/code/qcommon/files.c
+++ b/code/qcommon/files.c
@@ -2556,16 +2556,9 @@ FS_idPak
 */
 qboolean FS_idPak( char *pak, char *base ) {
 int i;
- char pakbuf[MAX_QPATH], *pakptr;
-
- // Chop off filename extension if necessary.
- Com_sprintf(pakbuf, sizeof(pakbuf), "%s", pak);
- pakptr = Q_strrchr(pakbuf, '.');
- if(pakptr)
- *pakptr = '\0';
 
 for (i = 0; i < NUM_ID_PAKS; i++) {
- if ( !FS_FilenameCompare(pakbuf, va("%s/pak%d", base, i)) ) {
+ if ( !FS_FilenameCompare(pak, va("%s/pak%d", base, i)) ) {
 break;
 }
 }
-- cgit v1.2.3
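Review bot: With the extension stripping removed, `FS_FilenameCompare(pak, va("%s/pak%d", base, i))` only matches when the caller passes the name without its extension, and nothing in the hunk records that new precondition. A caller that still passes `<base>/pak0.pk3` would silently be classified as a non-id pak, which fails open if the result is used to gate downloads. The call sites are not visible here, since the page is limited to files.c. I would extend the header comment above the function with something like `pak must be passed without a file extension ("<base>/pakN"); callers strip ".pk3" before calling`, and confirm that every call site does so. The function body continues past the end of the hunk, so the return path is not reviewed here.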