This is an automated email from the git hooks/post-receive script. smcv pushed a commit to annotated tag debian/1.36+u20170908+dfsg1-1 in repository ioquake3.
commit f0b74a27c97f6b03cc270d0536a77bdfcc1e8fad
Author: Zack Middleton <z...@cloemail.com>
Date: Wed Aug 9 18:27:39 2017 -0500
Check for all command separators in callTeamVote
Make callTeamVote check for all command separators like in callVote. It's not exploitable as the only vote option (leader) always uses an integer argument. Also the ioquake3 engine remove command separators from client game commands in Cmd_Args_Sanitize().
---
 code/game/g_cmds.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/code/game/g_cmds.c b/code/game/g_cmds.c
index 46a69ca..b02a19e 100644
--- a/code/game/g_cmds.c
+++ b/code/game/g_cmds.c
@@ -1489,9 +1489,16 @@ void Cmd_CallTeamVote_f( gentity_t *ent ) {
 trap_Argv( i, &arg2[strlen(arg2)], sizeof( arg2 ) - strlen(arg2) );
 }
- if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {
- trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
- return;
+ // check for command separators in arg2
+ for( c = arg2; *c; ++c) {
+ switch(*c) {
+ case '\n':
+ case '\r':
+ case ';':
+ trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string.\n\"" );
+ return;
+ break;
+ }
 }
 if ( !Q_stricmp( arg1, "leader" ) ) {
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/ioquake3.git
_______________________________________________
Pkg-games-commits mailing list
Pkg-games-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-games-commits
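Review bot: The rewritten check no longer covers `arg1`: the removed condition tested both `arg1` and `arg2` for ';', while the new loop walks only `arg2`, and the commit message does not mention the narrowing. The only later use of `arg1` visible here is the `Q_stricmp( arg1, "leader" )` comparison, so this is presumably safe as long as every non-matching `arg1` is rejected further down, but that branch and the rest of Cmd_CallTeamVote_f lie outside the hunk. I would make the assumption explicit by extending the comment, e.g. `// arg1 is only compared against fixed vote names below, so only arg2 is checked for command separators`, so that a later vote option which copies `arg1` into a command string does not inherit an unchecked value. As a style point, the `break;` after `return;` in the switch is unreachable and can be dropped.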