From e743be2b793d15052228e625d98b765c0315b878 Mon Sep 17 00:00:00 2001
From: /dev/humancontroller <devhc@example.com>
Date: Sat, 13 Jun 2015 23:09:21 +0200
Subject: in the vote calling functions, protect against the dreaded exploit of
 '\n'-interpretation inside quotes

---
 src/game/g_cmds.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/game/g_cmds.c b/src/game/g_cmds.c
index ee215301..9a225c24 100644
--- a/src/game/g_cmds.c
+++ b/src/game/g_cmds.c
@@ -1192,6 +1192,14 @@ void Cmd_CallVote_f( gentity_t *ent )
     return;
   }
 
+  // protect against the dreaded exploit of '\n'-interpretation inside quotes
+  if( strchr( arg, '\n' ) || strchr( arg, '\r' ) ||
+      strchr( creason, '\n' ) || strchr( creason, '\r' ) )
+  {
+    trap_SendServerCommand( ent-g_entities, "print \"Invalid vote string\n\"" );
+    return;
+  }
+
   if( level.voteExecuteTime[ team ] )
     G_ExecuteVote( team );
 
-- 
cgit