// noclip
VectorCopy (wishvel, host_client->edict->fields.server->velocity);
}
- else if (onground && (!sv_gameplayfix_qwplayerphysics.integer || !(host_client->edict->fields.server->button2 || !((int)host_client->edict->fields.server->flags & FL_JUMPRELEASED))))
+ else if (onground && (!sv_gameplayfix_qwplayerphysics.integer || !host_client->edict->fields.server->button2 || !((int)host_client->edict->fields.server->flags & FL_JUMPRELEASED)))
{
SV_UserFriction ();
SV_Accelerate ();
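Review bot: The rewritten `else if (onground && ...)` condition has no comment stating when the ground branch is skipped, and the previous version of this same line shows how easily the nesting of the negations goes wrong. As read from the new line, with `sv_gameplayfix_qwplayerphysics` enabled the `SV_UserFriction ()` / `SV_Accelerate ()` branch is bypassed only when `button2` is non-zero and `FL_JUMPRELEASED` is set. I would put that directly above the line, for example `// qwplayerphysics: skip ground friction only when jump is held (button2) and FL_JUMPRELEASED is set`. The enclosing function starts and ends outside this hunk, so the branch taken instead is not visible here.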
void SV_ReadClientMessage(void)
{
int cmd, num, start;
- char *s;
+ char *s, *p, *q;
//MSG_BeginReading ();
sv_numreadmoves = 0;
break;
case clc_stringcmd:
+ // allow reliable messages now as the client is done with initial loading
+ if (host_client->sendsignon == 2)
+ host_client->sendsignon = 0;
s = MSG_ReadString ();
+ q = NULL;
+ for(p = s; *p; ++p) switch(*p)
+ {
+ case 10:
+ case 13:
+ if(!q)
+ q = p;
+ break;
+ default:
+ if(q)
+ goto clc_stringcmd_invalid; // newline seen, THEN something else -> possible exploit
+ break;
+ }
+ if(q)
+ *q = 0;
if (strncasecmp(s, "spawn", 5) == 0
|| strncasecmp(s, "begin", 5) == 0
|| strncasecmp(s, "prespawn", 8) == 0)
Cmd_ExecuteString (s, src_client);
break;
+clc_stringcmd_invalid:
+ Con_Printf("Received invalid stringcmd from %s\n", host_client->name);
+ if(developer.integer)
+ Com_HexDumpToConsole((unsigned char *) s, strlen(s));
+ break;
+
case clc_disconnect:
SV_DropClient (false); // client wants to disconnect
return;
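Review bot: The `sendsignon` reset at the top of `case clc_stringcmd:` runs before the newline scan, so a string that is then rejected at `clc_stringcmd_invalid` has already changed the client's signon state. What `sendsignon` gates is not visible in this hunk, but if only a well-formed command should count as "done with initial loading", move `if (host_client->sendsignon == 2) host_client->sendsignon = 0;` below `if(q) *q = 0;`. The rejection path also prints once per message, plus a hex dump when `developer` is set, with no throttle visible here, so a client that repeats the malformed command can fill the console; a per-client counter that drops the client after a few rejections would bound that. The scan would read more clearly with `case '\n':` and `case '\r':` in place of `10` and `13`. The body of SV_ReadClientMessage continues outside the hunk.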