engine: try to mitigate outdated client.dll vulnerabilities

3 years ago · b24c1a51d3
2 changed files with 13 additions and 1 deletions
--- a/engine/common/cmd.c
+++ b/engine/common/cmd.c
@ -747,7 +747,15 @@ Cmd_AddClientCommand
				@@ -747,7 +747,15 @@ Cmd_AddClientCommand
 */
 int GAME_EXPORT Cmd_AddClientCommand( const char *cmd_name, xcommand_t function )
 {
-	return Cmd_AddCommandEx( __FUNCTION__, cmd_name, function, "client command", CMD_CLIENTDLL );
+	int flags = CMD_CLIENTDLL;
+
+	// a1ba: try to mitigate outdated client.dll vulnerabilities
+	if( !Q_stricmp( cmd_name, "motd_write" ))
+	{
+		flags |= CMD_LOCALONLY;
+	}
+
+	return Cmd_AddCommandEx( __FUNCTION__, cmd_name, function, "client command", flags );
 }

 /*
--- a/engine/common/common.c
+++ b/engine/common/common.c
@ -886,6 +886,10 @@ pfnCvar_RegisterVariable
				@@ -886,6 +886,10 @@ pfnCvar_RegisterVariable
 */
 cvar_t *pfnCvar_RegisterClientVariable( const char *szName, const char *szValue, int flags )
 {
+	// a1ba: try to mitigate outdated client.dll vulnerabilities
+	if( !Q_stricmp( szName, "motdfile" ))
+		flags |= FCVAR_LOCALONLY;
+
 	if( FBitSet( flags, FCVAR_GLCONFIG ))
 		return (cvar_t *)Cvar_Get( szName, szValue, flags, va( CVAR_GLCONFIG_DESCRIPTION, szName ));
 	return (cvar_t *)Cvar_Get( szName, szValue, flags|FCVAR_CLIENTDLL, Cvar_BuildAutoDescription( flags|FCVAR_CLIENTDLL ));