diff options
Diffstat (limited to 'src/qcommon/cmd.c')
| -rw-r--r-- | src/qcommon/cmd.c | 77 |
1 files changed, 68 insertions, 9 deletions
diff --git a/src/qcommon/cmd.c b/src/qcommon/cmd.c index 7ce50ccc..8ea761e8 100644 --- a/src/qcommon/cmd.c +++ b/src/qcommon/cmd.c @@ -470,6 +470,31 @@ char *Cmd_Cmd(void) } /* + Replace command separators with space to prevent interpretation + This is a hack to protect buggy qvms + https://bugzilla.icculus.org/show_bug.cgi?id=3593 + https://bugzilla.icculus.org/show_bug.cgi?id=4769 +*/ + +void Cmd_Args_Sanitize(void) +{ + int i; + + for(i = 1; i < cmd.argc; i++) + { + char *c = cmd.argv[i]; + + if(strlen(c) > MAX_CVAR_VALUE_STRING - 1) + c[MAX_CVAR_VALUE_STRING - 1] = '\0'; + + while ((c = strpbrk(c, "\n\r;"))) { + *c = ' '; + ++c; + } + } +} + +/* ============ Cmd_TokenizeString @@ -604,6 +629,20 @@ void Cmd_TokenizeStringIgnoreQuotes( const char *text_in ) { /* ============ +Cmd_FindCommand +============ +*/ +cmd_function_t *Cmd_FindCommand( const char *cmd_name ) +{ + cmd_function_t *cmd; + for( cmd = cmd_functions; cmd; cmd = cmd->next ) + if( !Q_stricmp( cmd_name, cmd->name ) ) + return cmd; + return NULL; +} + +/* +============ Cmd_AddCommand ============ */ @@ -611,14 +650,12 @@ void Cmd_AddCommand( const char *cmd_name, xcommand_t function ) { cmd_function_t *cmd; // fail if the command already exists - for ( cmd = cmd_functions ; cmd ; cmd=cmd->next ) { - if ( !strcmp( cmd_name, cmd->name ) ) { - // allow completion-only commands to be silently doubled - if ( function != NULL ) { - Com_Printf ("Cmd_AddCommand: %s already defined\n", cmd_name); - } - return; - } + if( Cmd_FindCommand( cmd_name ) ) + { + // allow completion-only commands to be silently doubled + if( function != NULL ) + Com_Printf( "Cmd_AddCommand: %s already defined\n", cmd_name ); + return; } // use a small malloc to avoid zone fragmentation @@ -672,6 +709,28 @@ void Cmd_RemoveCommand( const char *cmd_name ) { } } +/* +============ +Cmd_RemoveCommandSafe + +Only remove commands with no associated function +============ +*/ +void Cmd_RemoveCommandSafe( const char *cmd_name ) +{ + cmd_function_t *cmd = Cmd_FindCommand( cmd_name ); + + if( !cmd ) + return; + if( cmd->function ) + { + Com_Error( ERR_DROP, "Restricted source tried to remove " + "system command \"%s\"\n", cmd_name ); + return; + } + + Cmd_RemoveCommand( cmd_name ); +} /* ============ @@ -798,7 +857,7 @@ Cmd_CompleteCfgName */ void Cmd_CompleteCfgName( char *args, int argNum ) { if( argNum == 2 ) { - Field_CompleteFilename( "", "cfg", qfalse ); + Field_CompleteFilename( "", "cfg", qfalse, qtrue ); } } |