in the vote calling functions, protect against the dreaded exploit of '\n'-interpretation inside quotes

author: /dev/humancontroller <devhc@example.com> 2015-06-13 23:09:21 +0200
committer: /dev/humancontroller <devhc@example.com> 2017-02-07 17:35:00 +0100
commit: e743be2b793d15052228e625d98b765c0315b878 (patch)
tree: f6715a020de4bcb6ae54e4a28d59d608ddfe6f90 /src/game
parent: 73958663ddcf77cfc939ca5536203f1e0b05aa00 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/game/g_cmds.c b/src/game/g_cmds.c
index ee215301..9a225c24 100644
--- a/src/game/g_cmds.c
+++ b/src/game/g_cmds.c
@@ -1192,6 +1192,14 @@ void Cmd_CallVote_f( gentity_t *ent )
     return;
   }
 
+  // protect against the dreaded exploit of '\n'-interpretation inside quotes
+  if( strchr( arg, '\n' ) || strchr( arg, '\r' ) ||
+      strchr( creason, '\n' ) || strchr( creason, '\r' ) )
+  {
+    trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string\n\"" );
+    return;
+  }
+
   if( level.voteExecuteTime[ team ] )
     G_ExecuteVote( team );
author	/dev/humancontroller <devhc@example.com>	2015-06-13 23:09:21 +0200
committer	/dev/humancontroller <devhc@example.com>	2017-02-07 17:35:00 +0100
commit	e743be2b793d15052228e625d98b765c0315b878 (patch)
tree	f6715a020de4bcb6ae54e4a28d59d608ddfe6f90 /src/game
parent	73958663ddcf77cfc939ca5536203f1e0b05aa00 (diff)