fix rcon_password validation to refuse whitespace, and refuse empty passwords (as...
authorhavoc <havoc@d7cf8633-e32d-0410-b094-e92efae38249>
Thu, 23 Feb 2006 16:19:09 +0000 (16:19 +0000)
committerhavoc <havoc@d7cf8633-e32d-0410-b094-e92efae38249>
Thu, 23 Feb 2006 16:19:09 +0000 (16:19 +0000)
git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@6019 d7cf8633-e32d-0410-b094-e92efae38249

host_cmd.c
netconn.c

index 2c5d185fd52a36350072d2289b91895e820de5fd..98b7d090067f73effdda2a32dc1d21bbd0504f84 100644 (file)
@@ -1972,15 +1972,25 @@ Host_Rcon_f
 */
 void Host_Rcon_f (void) // credit: taken from QuakeWorld
 {
+       int i;
        lhnetaddress_t to;
        lhnetsocket_t *mysocket;
 
-       if (!rcon_password.string)
+       if (!rcon_password.string || !rcon_password.string[0])
        {
                Con_Printf ("You must set rcon_password before issuing an rcon command.\n");
                return;
        }
 
+       for (i = 0;rcon_password.string[i];i++)
+       {
+               if (rcon_password.string[i] <= ' ')
+               {
+                       Con_Printf("rcon_password is not allowed to have any whitespace.\n");
+                       return;
+               }
+       }
+
        if (cls.netcon)
                to = cls.netcon->peeraddress;
        else
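Review bot: The test `rcon_password.string[i] <= ' '` in the new loop appears to compare a plain `char` (the cvar's declaration is not visible here), so where `char` is signed every byte at or above 0x80 is negative and is refused as whitespace, while on unsigned-`char` targets the same password is accepted. Casting makes the rule identical on every platform: `if ((unsigned char)rcon_password.string[i] <= ' ')`. The same applies to `password[0] > ' '` in the netconn.c hunk if `password` is a plain `char` array. The message also says "whitespace" although control characters are refused too; `"rcon_password must not contain whitespace or control characters.\n"` would match what the check does. Host_Rcon_f continues past the end of this hunk.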
index 74ba01ba951e988b9d822be4e33f53530c4a2e7d..9628a3802ac9eea9139991e991314564545f5ba5 100755 (executable)
--- a/netconn.c
+++ b/netconn.c
@@ -1574,7 +1574,7 @@ static int NetConn_ServerParsePacket(lhnetsocket_t *mysocket, unsigned char *dat
                                        if (i < (int)sizeof(password) - 1)
                                                password[i++] = *s;
                                password[i] = 0;
-                               if (!strcmp(rcon_password.string, password))
+                               if (password[0] > ' ' && !strcmp(rcon_password.string, password))
                                {
                                        // looks like a legitimate rcon command with the correct password
                                        Con_Printf("server received rcon command from %s:\n%s\n", host_client ? host_client->name : addressstring2, s);
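Review bot: The new guard `password[0] > ' '` carries the whole empty-password defence on the server but has no comment saying so, and it tests the password parsed from the packet rather than `rcon_password.string`, so a later reader could drop it as redundant. I would add `// an empty or whitespace-leading password never authenticates, so an unset rcon_password cannot be matched by an empty one` above the `if`. Separately, `strcmp` returns at the first differing byte, so comparison time depends on how much of the submitted value is correct; a fixed-time compare over the whole `password` buffer is the more defensive choice for a secret received from the network. The loop that fills `password` and the rejection branch lie outside this hunk, so logging or throttling of failed attempts cannot be judged from here.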