Browse Source

engine: client: protect protected, privileged and server only cvars from server query

pull/2/head
Alibek Omarov 3 years ago committed by a1batross
parent
commit
06eb6838a9
  1. 56
      engine/client/cl_parse.c

56
engine/client/cl_parse.c

@ -1883,46 +1883,42 @@ Find the client cvar value @@ -1883,46 +1883,42 @@ Find the client cvar value
and sent it back to the server
==============
*/
void CL_ParseCvarValue( sizebuf_t *msg )
void CL_ParseCvarValue( sizebuf_t *msg, const qboolean ext )
{
const char *cvarName = MSG_ReadString( msg );
convar_t *cvar = Cvar_FindVar( cvarName );
const char *cvarName, *response;
convar_t *cvar;
int requestID;
// build the answer
MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue );
MSG_WriteString( &cls.netchan.message, cvar ? cvar->string : "Not Found" );
}
if( ext )
requestID = MSG_ReadLong( msg );
/*
==============
CL_ParseCvarValue2
cvarName = MSG_ReadString( msg );
cvar = Cvar_FindVar( cvarName );
Find the client cvar value
and sent it back to the server
==============
*/
void CL_ParseCvarValue2( sizebuf_t *msg )
{
int requestID = MSG_ReadLong( msg );
const char *cvarName = MSG_ReadString( msg );
convar_t *cvar = Cvar_FindVar( cvarName );
if( cvar )
{
if( cvar->flags & FCVAR_PRIVILEGED )
response = "CVAR is privileged";
else if( cvar->flags & FCVAR_SERVER )
response = "CVAR is server-only";
else if( cvar->flags & FCVAR_PROTECTED )
response = "CVAR is protected";
else
response = cvar->string;
}
else response = "Bad CVAR request";
// build the answer
if( ext )
{
MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue2 );
MSG_WriteLong( &cls.netchan.message, requestID );
MSG_WriteString( &cls.netchan.message, cvarName );
if( cvar )
{
// cheater can change value ignoring Cvar_Set so we responce incorrect value
if( cvar->value != Q_atof( cvar->string ))
MSG_WriteString( &cls.netchan.message, va( "%s (%g)", cvar->string, cvar->value ));
else MSG_WriteString( &cls.netchan.message, cvar->string );
}
else
{
MSG_WriteString( &cls.netchan.message, "Not Found" );
MSG_BeginClientCmd( &cls.netchan.message, clc_requestcvarvalue );
}
MSG_WriteString( &cls.netchan.message, response );
}
/*
@ -2376,10 +2372,10 @@ void CL_ParseServerMessage( sizebuf_t *msg, qboolean normal_message ) @@ -2376,10 +2372,10 @@ void CL_ParseServerMessage( sizebuf_t *msg, qboolean normal_message )
CL_ParseResLocation( msg );
break;
case svc_querycvarvalue:
CL_ParseCvarValue( msg );
CL_ParseCvarValue( msg, false );
break;
case svc_querycvarvalue2:
CL_ParseCvarValue2( msg );
CL_ParseCvarValue( msg, true );
break;
case svc_exec:
CL_ParseExec( msg );

Loading…
Cancel
Save