mirror of
https://github.com/dreamstalker/rehlds.git
synced 2024-10-17 07:46:54 +03:00
19e3a5df56
Assume two clients connect with the following string ```connect 48 12345678 \prot\2\unique\-1\raw\261578371d95a424925835ca44f82811 \cl_lw\1\cl_lc\1\*hltv\1\rate\10000\cl_updaterate\20\hspecs\0\hslots\0\hdelay\30\name\test"``` Name will be parsed as ```test"``` Then in ```SV_CheckForDuplicateNames```, ```Info_SetValueForKey``` will fail because of the quotes, and an infinite loop will occur. I also added a check for ```\```, altough it's technically impossible to appear, it never hurts to be extra careful with this kind of client input. TODO (by others sorry, really busy atm): - Fix ```COM_Parse``` so that you can't inject quote marks. Other exploits may currently exist that also rely on this bug. |
||
|---|---|---|
| .. | ||
| common | ||
| dedicated | ||
| dlls | ||
| engine | ||
| filesystem | ||
| game_shared | ||
| HLTV | ||
| hookers | ||
| lib | ||
| msvc | ||
| pm_shared | ||
| public | ||
| rehlds | ||
| testsuite | ||
| unittests | ||
| version | ||
| build.gradle | ||