From aba21dd5635179bfe34838a002b1a4d6a4aeefb8 Mon Sep 17 00:00:00 2001 From: Darkvater Date: Tue, 2 May 2006 13:00:07 +0000 Subject: [PATCH] (svn r4667) - Backport from trunk (r4291): Fix: validate all received strings for correctness. This fixes potential crashes on hacked clients/servers --- network_data.c | 3 +++ network_udp.c | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/network_data.c b/network_data.c index 75e6e178ca..8d43f90622 100644 --- a/network_data.c +++ b/network_data.c @@ -273,6 +273,7 @@ uint64 NetworkRecv_uint64(NetworkClientState *cs, Packet *packet) void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t size) { int pos; + char *bufp = buffer; /* Don't allow reading from a closed socket */ if (cs->quited) @@ -289,6 +290,8 @@ void NetworkRecv_string(NetworkClientState *cs, Packet *p, char* buffer, size_t ++pos; } p->pos = pos; + + str_validate(bufp); } // If PacketSize changes of size, you have to change the 2 packet->size diff --git a/network_udp.c b/network_udp.c index 6ce80ad81b..5ee2bb6eae 100644 --- a/network_udp.c +++ b/network_udp.c @@ -134,9 +134,6 @@ DEF_UDP_RECEIVE_COMMAND(PACKET_UDP_SERVER_RESPONSE) item->info.map_set = NetworkRecv_uint8(&_udp_cs, p); item->info.dedicated = NetworkRecv_uint8(&_udp_cs, p); - str_validate(item->info.server_name); - str_validate(item->info.server_revision); - str_validate(item->info.map_name); if (item->info.server_lang >= NETWORK_NUM_LANGUAGES) item->info.server_lang = 0; if (item->info.map_set >= NUM_LANDSCAPE ) item->info.map_set = 0;