Bug #275

Using Cmd_RemoveCommandSafe for CG_REMOVECOMMAND breaks compatibility with NQ/ETPub

Added by Radegast over 6 years ago. Updated about 6 years ago.

Status:Fixed% Done:

100%

Priority:ImmediateSpent time:-
Assignee:IR4T4
Category:General
Target version:2.71rc2
OS: Arch:

Description

Aftere ioquake3 file system merge NQ and ETPub drop client with this message: Restricted source tried to remove system command "+lookup"

source:src/client/cl_cgame.c

case CG_REMOVECOMMAND:
    // FIXME: NQ/ETPub drop client if Cmd_RemoveCommandSafe is used here
    Cmd_RemoveCommand(VMA(1));
    return 0;

Associated revisions

Revision 30fc07e3
Added by Radegast over 6 years ago

client: fixed NQ/ETPub incompatibility in CG_REMOVECOMMAND, refs #275

Revision c6507d55
Added by Ensiform over 6 years ago

general: disallow mods to remove system commands, refs #275

Revision ad4884dc
Added by IR4T4 over 6 years ago

client/cgame: allow to remove some commands by mod code again +
test/anti abuse code from ETPub refs #275

History

#1 Updated by Radegast over 6 years ago

  • Description updated (diff)

#2 Updated by Radegast over 6 years ago

The following commands are considered cheat commands, so we can whitelist them in the Cmd_RemoveCommand function. The primary goal of the function is to block mods from removing commands such as +quit.

Restricted source tried to remove system command "+lookup" 
Restricted source tried to remove system command "+lookdown" 
Restricted source tried to remove system command "-lookup" 
Restricted source tried to remove system command "-lookdown" 
Restricted source tried to remove system command "configstrings" <--- why?

There are more issues in the server compatiblity with NQ and other mods after the ioquake3 filesystem merge.

#3 Updated by IR4T4 over 6 years ago

  • Priority changed from Normal to Immediate

#4 Updated by IR4T4 over 6 years ago

Tbh I don’t see any reason to restrict the removal of system commands. Are modders interested in removing the quit cmd? I don’t think so. If cmds are removed there is a damn good reason on mod side. 'configstrings’ cmd f.e. offers the client the IP of other clients - see CS_PLAYERS. Quite deadly for 2.55 clients if their IP is known ...

#5 Updated by Radegast over 6 years ago

Where does it show other clients’ ip addresses?

#6 Updated by IR4T4 over 6 years ago

CS_PLAYERS

Edit: Oops - I was wrong IPs are not part of this CS. However there are some info in the string the client shouldn’t know ...

#7 Updated by IR4T4 about 6 years ago

  • Status changed from New to Fixed
  • Assignee set to IR4T4
  • Target version changed from 2.78 to 2.71rc2
  • % Done changed from 0 to 100

Issue is fixed.

Also available in: Atom PDF