diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/client.cpp | 17 | ||||
| -rw-r--r-- | src/clientserver.h | 2 | ||||
| -rw-r--r-- | src/server.cpp | 18 |
3 files changed, 34 insertions, 3 deletions
diff --git a/src/client.cpp b/src/client.cpp index aca38b166..38ed14978 100644 --- a/src/client.cpp +++ b/src/client.cpp @@ -1276,6 +1276,13 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id) //read texture from cache std::string name = deSerializeString(is); std::string sha1_texture = deSerializeString(is); + + // if name contains illegal characters, ignore the texture + if(!string_allowed(name, TEXTURENAME_ALLOWED_CHARS)){ + errorstream<<"Client: ignoring illegal texture name " + <<"sent by server: \""<<name<<"\""<<std::endl; + continue; + } std::string tpath = getTextureCacheDir() + DIR_DELIM + name; // Read data @@ -1371,8 +1378,6 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id) for each texture { u16 length of name string name - u16 length of path - string path } */ std::ostringstream os(std::ios_base::binary); @@ -1439,6 +1444,14 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id) for(int i=0; i<num_textures; i++){ std::string name = deSerializeString(is); std::string data = deSerializeLongString(is); + + // if name contains illegal characters, ignore the texture + if(!string_allowed(name, TEXTURENAME_ALLOWED_CHARS)){ + errorstream<<"Client: ignoring illegal texture name " + <<"sent by server: \""<<name<<"\""<<std::endl; + continue; + } + // Silly irrlicht's const-incorrectness Buffer<char> data_rw(data.c_str(), data.size()); // Create an irrlicht memory file diff --git a/src/clientserver.h b/src/clientserver.h index 3f97d3732..43de689e4 100644 --- a/src/clientserver.h +++ b/src/clientserver.h @@ -48,6 +48,8 @@ with this program; if not, write to the Free Software Foundation, Inc., #define PASSWORD_SIZE 28 // Maximum password length. Allows for // base64-encoded SHA-1 (27+\0). +#define TEXTURENAME_ALLOWED_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_." + enum ToClientCommand { TOCLIENT_INIT = 0x10, diff --git a/src/server.cpp b/src/server.cpp index 8bf9eee38..d1a71bdbc 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -4273,6 +4273,12 @@ void Server::PrepareTextures() { if(dirlist[j].dir) // Ignode dirs continue; std::string tname = dirlist[j].name; + // if name contains illegal characters, ignore the texture + if(!string_allowed(tname, TEXTURENAME_ALLOWED_CHARS)){ + errorstream<<"Server: ignoring illegal texture name: \"" + <<tname<<"\""<<std::endl; + continue; + } std::string tpath = texturepath + DIR_DELIM + tname; // Read data std::ifstream fis(tpath.c_str(), std::ios_base::binary); @@ -4300,6 +4306,11 @@ void Server::PrepareTextures() { <<tname<<"\""<<std::endl; continue; } + if(tmp_os.str().length() == 0){ + errorstream<<"Server::PrepareTextures(): Empty file \"" + <<tpath<<"\""<<std::endl; + continue; + } SHA1 sha1; sha1.addBytes(tmp_os.str().c_str(), tmp_os.str().length()); @@ -4332,7 +4343,7 @@ struct SendableTextureAnnouncement void Server::SendTextureAnnouncement(u16 peer_id){ DSTACK(__FUNCTION_NAME); - infostream<<"Server::SendTextureAnnouncement(): Calculate sha1 sums of textures and send to client"<<std::endl; + infostream<<"Server::SendTextureAnnouncement()"<<std::endl; core::list<SendableTextureAnnouncement> texture_announcements; @@ -4407,6 +4418,11 @@ void Server::SendTexturesRequested(u16 peer_id,core::list<TextureRequest> tosend u32 texture_size_bunch_total = 0; for(core::list<TextureRequest>::Iterator i = tosend.begin(); i != tosend.end(); i++) { + if(m_Textures.find(i->name) == m_Textures.end()){ + errorstream<<"Server::SendTexturesRequested(): Client asked for " + <<"unknown texture \""<<(i->name)<<"\""<<std::endl; + continue; + } //TODO get path + name std::string tpath = m_Textures[(*i).name].path; |