
Sanitize servercfgfile and lservercfgfile values with sm_cvar (bug 65…

…79).
1 parent 3fd7b29 commit c7f413f1b02a99781867d6ea3018684bd6c4a267 @psychonic psychonic committed Jan 20, 2017
Showing with 10 additions and 0 deletions.
  1. +10 −0 plugins/basecommands.sp
@@ -308,6 +308,16 @@ public Action Command_Cvar(int client, int args)
}
GetCmdArg(2, value, sizeof(value));
+
+ // The server passes the values of these directly into ServerCommand, following exec. Sanitize.
+ if (StrEqual(cvarname, "servercfgfile", false) || StrEqual(cvarname, "lservercfgfile", false))
+ {
+ int pos = StrContains(value, ";", true);
+ if (pos != -1)
+ {
+ value[pos] = '\0';
+ }
+ }
if ((hndl.Flags & FCVAR_PROTECTED) != FCVAR_PROTECTED)
{
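Review bot: The added check in Command_Cvar truncates `value` at the first `;` without telling the caller, so the admin gets no indication that the input was altered and the cvar ends up set to a path they did not ask for. Because the comment says the value is passed into a ServerCommand string after `exec`, other characters the command parser treats specially (newline, carriage return, double quote) are presumably worth rejecting as well; the hunk does not show whether they can reach `value` through GetCmdArg. I would refuse the change rather than truncate, for example `if (StrContains(value, ";") != -1 || StrContains(value, "\n") != -1) { ReplyToCommand(client, "[SM] Invalid value for %s", cvarname); return Plugin_Handled; }`. This covers only the sm_cvar path; any other code that sets these two cvars, and the rest of Command_Cvar, lies outside the hunk.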
