From 06eb6838a9d08cb568f98a94116e4e80f8692655 Mon Sep 17 00:00:00 2001 From: Alibek Omarov Date: Sun, 7 Nov 2021 13:33:21 +0300 Subject: [PATCH] engine: client: protect protected, privileged and server only cvars from server query --- engine/client/cl_parse.c | 60 +++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 32 deletions(-) diff --git a/engine/client/cl_parse.c b/engine/client/cl_parse.c index ce230215..d39932f5 100644 --- a/engine/client/cl_parse.c +++ b/engine/client/cl_parse.c @@ -1883,46 +1883,42 @@ Find the client cvar value and sent it back to the server ============== */ -void CL_ParseCvarValue( sizebuf_t *msg ) +void CL_ParseCvarValue( sizebuf_t *msg, const qboolean ext ) { - const char *cvarName = MSG_ReadString( msg ); - convar_t *cvar = Cvar_FindVar( cvarName ); + const char *cvarName, *response; + convar_t *cvar; + int requestID; - // build the answer - MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue ); - MSG_WriteString( &cls.netchan.message, cvar ? cvar->string : "Not Found" ); -} - -/* -============== -CL_ParseCvarValue2 - -Find the client cvar value -and sent it back to the server -============== -*/ -void CL_ParseCvarValue2( sizebuf_t *msg ) -{ - int requestID = MSG_ReadLong( msg ); - const char *cvarName = MSG_ReadString( msg ); - convar_t *cvar = Cvar_FindVar( cvarName ); + if( ext ) + requestID = MSG_ReadLong( msg ); - // build the answer - MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue2 ); - MSG_WriteLong( &cls.netchan.message, requestID ); - MSG_WriteString( &cls.netchan.message, cvarName ); + cvarName = MSG_ReadString( msg ); + cvar = Cvar_FindVar( cvarName ); if( cvar ) { - // cheater can change value ignoring Cvar_Set so we responce incorrect value - if( cvar->value != Q_atof( cvar->string )) - MSG_WriteString( &cls.netchan.message, va( "%s (%g)", cvar->string, cvar->value )); - else MSG_WriteString( &cls.netchan.message, cvar->string ); + if( cvar->flags & FCVAR_PRIVILEGED ) + response = "CVAR is privileged"; + else if( cvar->flags & FCVAR_SERVER ) + response = "CVAR is server-only"; + else if( cvar->flags & FCVAR_PROTECTED ) + response = "CVAR is protected"; + else + response = cvar->string; + } + else response = "Bad CVAR request"; + + if( ext ) + { + MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue2 ); + MSG_WriteLong( &cls.netchan.message, requestID ); + MSG_WriteString( &cls.netchan.message, cvarName ); } else { - MSG_WriteString( &cls.netchan.message, "Not Found" ); + MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue ); } + MSG_WriteString( &cls.netchan.message, response ); } /* @@ -2376,10 +2372,10 @@ void CL_ParseServerMessage( sizebuf_t *msg, qboolean normal_message ) CL_ParseResLocation( msg ); break; case svc_querycvarvalue: - CL_ParseCvarValue( msg ); + CL_ParseCvarValue( msg, false ); break; case svc_querycvarvalue2: - CL_ParseCvarValue2( msg ); + CL_ParseCvarValue( msg, true ); break; case svc_exec: CL_ParseExec( msg );