Validate userinfo strings on connect. (Part of a nasty DOS fix.)

This commit is contained in:
Zephaniah E. Hull 2001-05-22 12:00:45 +00:00
parent 2b4c31b7ae
commit 5245f56012
3 changed files with 24 additions and 0 deletions

View file

@ -45,5 +45,6 @@ void Info_RemovePrefixedKeys (char *start, char prefix);
void Info_SetValueForKey (char *s, char *key, char *value, size_t maxsize);
void Info_SetValueForStarKey (char *s, char *key, char *value, size_t maxsize);
void Info_Print (char *s);
qboolean Info_Validate (char *s);
#endif // _INFO_H

View file

@ -293,3 +293,19 @@ Info_Print (char *s)
Con_Printf ("%s\n", value);
}
}
qboolean
Info_Validate (char *s)
{
int count;
char *p;
if (!s || *s == '\0')
return false;
for (p = s, count = 0; *p != '\0'; p++)
if (!*p == '\\')
count++;
return (!(count % 2));
}

View file

@ -674,6 +674,13 @@ SVC_DirectConnect (void)
strncpy (userinfo, Cmd_Argv (4), sizeof (userinfo) - 2);
userinfo[sizeof (userinfo) - 2] = 0;
// Validate the userinfo string.
if (!Info_Validate(userinfo)) {
Netchan_OutOfBandPrint (net_from, "%c\nInvalid userinfo string.\n",
A2C_PRINT);
return;
}
// see if the challenge is valid
for (i = 0; i < MAX_CHALLENGES; i++) {
if (NET_CompareBaseAdr (net_from, svs.challenges[i].adr)) {