mirror of
https://github.com/dreamstalker/rehlds.git
synced 2024-10-17 07:46:54 +03:00
19e3a5df56
Assume two clients connect with the following string

```
connect 48 12345678 \prot\2\unique\-1\raw\261578371d95a424925835ca44f82811 \cl_lw\1\cl_lc\1\*hltv\1\rate\10000\cl_updaterate\20\hspecs\0\hslots\0\hdelay\30\name\test"
```

Name will be parsed as ```test"```

Then in ```SV_CheckForDuplicateNames```, ```Info_SetValueForKey``` will fail because of the quotes, and an infinite loop will occur.

I also added a check for ```\```, although it's technically impossible to appear, it never hurts to be extra careful with this kind of client input.

TODO (by others sorry, really busy atm):

- Fix ```COM_Parse``` so that you can't inject quote marks. Other exploits may currently exist that also rely on this bug.
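The failure mode the commit message describes, as an added example that is not ReHLDS code: a rename-until-unique loop whose setter silently refuses names containing a quote, next to one possible mitigation (stripping the rejected characters before the loop, which is not necessarily what this commit does). `set_name`, `is_taken`, `dedupe_name`, `MAX_TRIES`, the rename format and the list of names in use are all hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 32
#define MAX_TRIES 64 /* demo guard: lets the unpatched path return instead of hanging */

/* Constructed stand-in for Info_SetValueForKey: a value containing '"' or '\\'
   is refused and the stored name stays unchanged. */
static int set_name(char *stored, const char *value)
{
    if (strchr(value, '"') || strchr(value, '\\')) return 0;
    snprintf(stored, NAME_LEN, "%s", value);
    return 1;
}
static const char *taken[] = { "test\"", "test" }; /* constructed: names in use */
static int is_taken(const char *name)
{
    for (size_t i = 0; i < sizeof taken / sizeof taken[0]; i++)
        if (strcmp(taken[i], name) == 0) return 1;
    return 0;
}

/* Renames until unique. Returns the number of renames, or -1 when MAX_TRIES
   rounds passed without progress. sanitize != 0 first strips rejected chars. */
int dedupe_name(char *name, int sanitize)
{
    char raw[NAME_LEN], candidate[NAME_LEN];
    int tries = 0;
    if (sanitize) {
        char *w = name;
        for (char *r = name; *r; r++)
            if (*r != '"' && *r != '\\') *w++ = *r;
        *w = '\0';
    }
    snprintf(raw, sizeof raw, "%s", name);
    while (is_taken(name)) {
        if (++tries > MAX_TRIES) return -1;
        snprintf(candidate, sizeof candidate, "(%d)%.24s", tries, raw);
        set_name(name, candidate); /* fails silently if raw holds a quote */
    }
    return tries;
}

int main(void)
{
    char a[NAME_LEN] = "test\"", b[NAME_LEN] = "test\"";
    printf("unpatched: %d\n", dedupe_name(a, 0));
    printf("sanitized: %d -> %s\n", dedupe_name(b, 1), b);
    return 0;
}
```

Without the `MAX_TRIES` guard the unsanitized call never returns, because every rename attempt is refused and the duplicate check keeps seeing the same name.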
- common
- dedicated
- dlls
- engine
- filesystem
- game_shared
- HLTV
- hookers
- lib
- msvc
- pm_shared
- public
- rehlds
- testsuite
- unittests
- version
- build.gradle