Commit 19e3a5df authored by Committed by Alik Aslanyan
Fix (Re)HLDS exploit (Can't use keys or values with a ")
Assume two clients connect with the following string ```connect 48 12345678 \prot\2\unique\-1\raw\261578371d95a424925835ca44f82811 \cl_lw\1\cl_lc\1\*hltv\1\rate\10000\cl_updaterate\20\hspecs\0\hslots\0\hdelay\30\name\test"``` Name will be parsed as ```test"``` Then in ```SV_CheckForDuplicateNames```, ```Info_SetValueForKey``` will fail because of the quotes, and an infinite loop will occur. I also added a check for ```\```, altough it's technically impossible to appear, it never hurts to be extra careful with this kind of client input. TODO (by others sorry, really busy atm): - Fix ```COM_Parse``` so that you can't inject quote marks. Other exploits may currently exist that also rely on this bug.
Showing with 5 additions and 1 deletion