[Bug 3767] Some protection from malicious qvms
bugzilla-daemon at icculus.org
bugzilla-daemon at icculus.org
Wed Sep 3 17:50:41 EDT 2008
http://bugzilla.icculus.org/show_bug.cgi?id=3767
bugzilla at benmachine.co.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1853 is|0 |1
obsolete| |
------- Comment #4 from bugzilla at benmachine.co.uk 2008-09-03 17:50 EDT -------
Created an attachment (id=1854)
--> (http://bugzilla.icculus.org/attachment.cgi?id=1854&action=view)
Tighter security
This patch prohibits using Cvar_Get to add CVAR_USER_CREATED to an
already-existing variable, which should close the security hole with
trap_Cvar_Register
It also adds protection to sv_game.c which I omitted the first time.
--
Configure bugmail: http://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the quake3-bugzilla
mailing list