From cdda65c3ad30d7a01e75f18a7a470bc8cbb3a6b6 Mon Sep 17 00:00:00 2001 From: thilo Date: Mon, 8 May 2006 19:53:41 +0000 Subject: Fix bug that permits download of arbitrary files from a download enabled server by checking requested file name against the list of loaded pk3 files. See CVE-2006-2082 git-svn-id: svn://svn.icculus.org/quake3/trunk@777 edf5b092-35ff-0310-97b2-ce42778d08ea --- code/qcommon/files.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'code/qcommon') diff --git a/code/qcommon/files.c b/code/qcommon/files.c index 13b8a25..31b9b66 100644 --- a/code/qcommon/files.c +++ b/code/qcommon/files.c @@ -2556,16 +2556,9 @@ FS_idPak */ qboolean FS_idPak( char *pak, char *base ) { int i; - char pakbuf[MAX_QPATH], *pakptr; - - // Chop off filename extension if necessary. - Com_sprintf(pakbuf, sizeof(pakbuf), "%s", pak); - pakptr = Q_strrchr(pakbuf, '.'); - if(pakptr) - *pakptr = '\0'; for (i = 0; i < NUM_ID_PAKS; i++) { - if ( !FS_FilenameCompare(pakbuf, va("%s/pak%d", base, i)) ) { + if ( !FS_FilenameCompare(pak, va("%s/pak%d", base, i)) ) { break; } } -- cgit v1.2.3