Validate userinfo strings on connect. (Part of a nasty DOS fix.)

2024-11-10 15:22:04 +00:00 · 2001-05-22 12:00:45 +00:00 · 2001-05-22 12:00:45 +00:00 · 5245f56012
commit 5245f56012
parent 2b4c31b7ae
3 changed files with 24 additions and 0 deletions
--- a/include/QF/info.h
+++ b/include/QF/info.h
@ -45,5 +45,6 @@ void Info_RemovePrefixedKeys (char *start, char prefix);
 void Info_SetValueForKey (char *s, char *key, char *value, size_t maxsize);
 void Info_SetValueForStarKey (char *s, char *key, char *value, size_t maxsize);
 void Info_Print (char *s);
+qboolean Info_Validate (char *s);

 #endif	// _INFO_H
--- a/libs/util/info.c
+++ b/libs/util/info.c
@ -293,3 +293,19 @@ Info_Print (char *s)
 		Con_Printf ("%s\n", value);
 	}
 }
+
+qboolean
+Info_Validate (char *s)
+{
+	int count;
+	char *p;
+
+	if (!s || *s == '\0')
+		return false;
+
+	for (p = s, count = 0; *p != '\0'; p++)
+		if (!*p == '\\')
+			count++;
+
+	return (!(count % 2));
+}
--- a/qw/source/sv_main.c
+++ b/qw/source/sv_main.c
@ -674,6 +674,13 @@ SVC_DirectConnect (void)
 	strncpy (userinfo, Cmd_Argv (4), sizeof (userinfo) - 2);
 	userinfo[sizeof (userinfo) - 2] = 0;

+	// Validate the userinfo string.
+	if (!Info_Validate(userinfo)) {
+		Netchan_OutOfBandPrint (net_from, "%c\nInvalid userinfo string.\n",
+								A2C_PRINT);
+		return;
+	}
+
 	// see if the challenge is valid
 	for (i = 0; i < MAX_CHALLENGES; i++) {
 		if (NET_CompareBaseAdr (net_from, svs.challenges[i].adr)) {