Bug #1025

Security files check

Added by Spyhawk over 2 years ago. Updated 9 months ago.

Status:Feedback% Done:

90%

Priority:NormalSpent time:-
Assignee:IR4T4
Category:Client
Target version:2.77
OS: Arch:


Related issues

Related to ET: Legacy Development - Task #1165: Extend the vfs for separating downloads In Progress 15.01.2019

Associated revisions

Revision 8e731a60
Added by IR4T4 over 2 years ago

misc: Merge some file writing extension checks from OpenJK refs #1025

Revision 3500f7bc
Added by IR4T4 over 2 years ago

sys: Don’t load faulty DLLs - initial patch by ioq3/SmileTheory/Chomenor
refs #1025

Revision f7aacf32
Added by IR4T4 almost 2 years ago

misc: merged latest ioq3 security files checks refs #1025

Revision 4a982fe5
Added by IR4T4 over 1 year ago

qcommon: fix donwload issue refs #1025

Revision 07d509fa
Added by IR4T4 over 1 year ago

qcommon: fix clean command, fix updater removing old update binary file
refs #1025

Revision 642f3acd
Added by IR4T4 over 1 year ago

misc: check for invalid game dirs - patch by ioq3 refs #1025

History

#1 Updated by Spyhawk over 2 years ago

  • Target version set to 2.76

#2 Updated by Spyhawk over 2 years ago

  • Description updated (diff)
  • Category changed from General to Client

#3 Updated by IR4T4 over 2 years ago

We shouldn’t merge it directly. COM_DefaultExtension is involved for checking file extensions. We should just make this function stronger and check the last chars directly.

#4 Updated by IR4T4 over 2 years ago

  • Assignee set to IR4T4

#5 Updated by IR4T4 almost 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 90

Latest changes form ioq3 are merged. Please verify.

#6 Updated by IR4T4 almost 2 years ago

Our clean command isn’t working properly anymore.

Case 'clean all *.pk3’ drops the game because we are using FS_Remove() instead of FS_HomeRemove in Cmd_CleanHomepath_f

Code & clean command needs some rework:


1. We should use FS_HomeRemove in Cmd_CleanHomepath_f instead (requires changes to accept absolute paths or adjust Cmd_CleanHomepath_f)
2. 'force’ param is using plain remove() which is bypassing our security fixes Why there is a force param?
3. Inspect FS_DeleteDir & FS_Delete, both call remove()

#7 Updated by IR4T4 over 1 year ago

  • Priority changed from Immediate to Normal
  • Target version changed from 2.76 to 2.78

#8 Updated by IR4T4 9 months ago

  • Target version changed from 2.78 to 2.77

#9 Updated by Spyhawk 6 months ago

  • Related to Task #1165: Extend the vfs for separating downloads added

Also available in: Atom PDF