Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not call Cmd_TokenizeString to parse serverinfo pk3 names #54

Open
wtfbbqhax opened this issue Aug 4, 2022 · 0 comments
Open

Do not call Cmd_TokenizeString to parse serverinfo pk3 names #54

wtfbbqhax opened this issue Aug 4, 2022 · 0 comments

Comments

@wtfbbqhax
Copy link
Owner

Two routines in the Files processing code are using Cmd_TokenizeString to pick apart server info to build pack lists. The concern is that Cmd_TokenizeString has special features for handling user configuration files, and user inputs. Best case scenario is that this is a harmless bug.

A couple features which should not be extended into the SERVERINFO processing include:

  • Cvar string interpolation ($)
  • Single line comments
  • Escape characters \0
  • Quoted strings

These are the bounties

void FS_PureServerSetLoadedPaks(const char *pakSums, const char *pakNames)
{
    Cmd_TokenizeString(pakSums);
void FS_PureServerSetReferencedPaks(const char *pakSums, const char *pakNames)
{
    Cmd_TokenizeString(pakSums);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wtfbbqhax