msg.h:

give mst_t a buffer to hold unterminated message strings
	kill MSG_ReadStaticString and MSG_ReadStringLine
msg.c:
	kill MSG_ReadStaticString and MSG_ReadStringLine
	MSG_ReadString: implement the buffer for unterminated message strings
	and update readcount on badread
cl_main.c:
	go back to MSG_ReadString and fix up the resulting const char * issues
cl_parse.c:
	rewrite the cl_mofake code all because of an uninitialized variable :)
sv_main.c:
	use MSG_ReadString instead of MSG_ReadStringLine because
	Cmd_TokenizeString really doesn't care about a terminating \n

include/QF/msg.h

@@ -44,6 +44,8 @@ typedef struct msg_s {
 	int readcount;
 	qboolean badread;		// set if a read goes beyond end of message
 	sizebuf_t *message;
+	size_t badread_string_size;
+	char *badread_string;
 } msg_t;
 
 void MSG_BeginReading (msg_t *msg);
@@ -54,8 +56,7 @@ int MSG_ReadShort (msg_t *msg);
 int MSG_ReadLong (msg_t *msg);
 float MSG_ReadFloat (msg_t *msg);
 const char *MSG_ReadString (msg_t *msg);
-char *MSG_ReadStaticString (msg_t *msg);
-char *MSG_ReadStringLine (msg_t *msg);
+const char *MSG_ReadStringLine (msg_t *msg);
 
 float MSG_ReadCoord (msg_t *msg);
 float MSG_ReadAngle (msg_t *msg);

libs/util/msg.c

@@ -269,7 +269,7 @@ MSG_ReadString (msg_t *msg)
 	char   *string;
 	int		len, maxlen;
 
-	if (msg->readcount + 1 > msg->message->cursize) {
+	if (msg->badread || msg->readcount + 1 > msg->message->cursize) {
 		msg->badread = true;
 		return "";
 	}
@@ -279,58 +279,23 @@ MSG_ReadString (msg_t *msg)
 	maxlen = msg->message->cursize - msg->readcount;
 	len = strnlen (string, maxlen);
 	if (len == maxlen) {
+		msg->readcount = msg->readcount;
 		msg->badread = true;
-		return "";
+		if (len + 1 > msg->badread_string_size) {
+			if (msg->badread_string)
+				free (msg->badread_string);
+			msg->badread_string = malloc (len + 1);
+			msg->badread_string_size = len + 1;
+		}
+		strncpy (msg->badread_string, string, len);
+		msg->badread_string[len] = 0;
+		return msg->badread_string;
 	}
 	msg->readcount += len + 1;
 
 	return string;
 }
 
-// Netchan_OutOfBandPrint is broken such that it strips the
-// terminating nul, which means connection packets (amoung others)
-// aren't nul-terminated.  So I provide the old string function for
-// connectionless-packet parsers to use.
-char *
-MSG_ReadStaticString (msg_t *msg)
-{
-	static char string[2048];
-	int         l, c;
-
-	l = 0;
-	do {
-		c = MSG_ReadChar (msg);
-		if (c == -1 || c == 0)
-			break;
-		string[l] = c;
-		l++;
-	} while (l < sizeof (string) - 1);
-
-	string[l] = 0;
-
-	return string;
-}
-
-char       *
-MSG_ReadStringLine (msg_t *msg)
-{
-	static char string[2048];
-	int         l, c;
-
-	l = 0;
-	do {
-		c = MSG_ReadChar (msg);
-		if (c == -1 || c == 0 || c == '\n')
-			break;
-		string[l] = c;
-		l++;
-	} while (l < sizeof (string) - 1);
-
-	string[l] = 0;
-
-	return string;
-}
-
 float
 MSG_ReadCoord (msg_t *msg)
 {

qw/source/cl_main.c

@@ -843,7 +843,7 @@ CL_Reconnect_f (void)
 void
 CL_ConnectionlessPacket (void)
 {
-	char       *s;
+	const char *s;
 	int         c, clcp_temp;
 
 	MSG_BeginReading (net_message);
@@ -873,6 +873,7 @@ CL_ConnectionlessPacket (void)
 	// remote command from gui front end
 	if (c == A2C_CLIENT_COMMAND) {
 		char        cmdtext[2048];
+		int         len;
 
 		Con_Printf ("client command\n");
 
@@ -883,20 +884,23 @@ CL_ConnectionlessPacket (void)
 			Con_Printf ("Command packet from remote host.  Ignored.\n");
 			return;
 		}
-		s = MSG_ReadStaticString (net_message);
+		s = MSG_ReadString (net_message);
 
 		strncpy (cmdtext, s, sizeof (cmdtext) - 1);
 		cmdtext[sizeof (cmdtext) - 1] = 0;
 
-		s = MSG_ReadStaticString (net_message);
+		s = MSG_ReadString (net_message);
 
 		while (*s && isspace ((int) *s))
 			s++;
-		while (*s && isspace ((int) (s[strlen (s) - 1])))
-			s[strlen (s) - 1] = 0;
+		len = strlen (s);
+		while (len && isspace ((byte) s[len - 1]))
+			len--;
 
 		if (!allowremotecmd
-			&& (!*localid->string || strcmp (localid->string, s))) {
+			&& (!*localid->string
+				|| strlen (localid->string) > len
+				|| strncmp (localid->string, s, len))) {
 			if (!*localid->string) {
 				Con_Printf ("===========================\n");
 				Con_Printf ("Command packet received from local host, but no "
@@ -923,7 +927,7 @@ CL_ConnectionlessPacket (void)
 	}
 	// print command from somewhere
 	if (c == A2C_PRINT) {
-		s = MSG_ReadStaticString (net_message);
+		s = MSG_ReadString (net_message);
 		if (SL_CheckStatus(NET_AdrToString (net_from), s))
 		{
 			Con_Printf("status response\n");
@@ -952,7 +956,7 @@ CL_ConnectionlessPacket (void)
 	if (c == S2C_CHALLENGE) {
 		Con_Printf ("challenge\n");
 
-		s = MSG_ReadStaticString (net_message);
+		s = MSG_ReadString (net_message);
 		cls.challenge = atoi (s);
 		if (strstr (s, "QF"))
 			CL_AddQFInfoKeys ();
@@ -964,7 +968,7 @@ CL_ConnectionlessPacket (void)
 	{
 		Con_Printf("Master Server Reply\n");
 		clcp_temp = MSG_ReadByte (net_message);
-		s = MSG_ReadStaticString (net_message);
+		s = MSG_ReadString (net_message);
 		MSL_ParseServerList(s);
 		return;
 	}

qw/source/cl_parse.c

@@ -1153,7 +1153,6 @@ CL_ParseServerMessage (void)
 
 			case svc_print: {
 				char p[2048];
-				int j;
 				i = MSG_ReadByte (net_message);
 				s = MSG_ReadString (net_message);
 				if (i == PRINT_CHAT) {
@@ -1161,13 +1160,13 @@ CL_ParseServerMessage (void)
 					// teammates
 
 					if (cl_nofake->int_val) {
-						do {
-							p[j] = (s[j] == 13) ? '#' : s[j];
-							if (j == sizeof (p) - 1) {
-								p[j] = '\0';
-								break;
-							}
-						} while (s[j++]);
+						char       *c;
+						strncpy (p, s, sizeof (p));
+						p[sizeof (p) - 1] = 0;
+						for (c = p; *c; c++) {
+							if (*c == '\r')
+								*c = '#';
+						}
 						s = p;
 					}
 					con_ormask = 128;

qw/source/sv_main.c

@@ -1017,7 +1017,7 @@ SV_ConnectionlessPacket (void)
 	MSG_BeginReading (net_message);
 	MSG_ReadLong (net_message);					// skip the -1 marker
 
-	s = MSG_ReadStringLine (net_message);
+	s = MSG_ReadString (net_message);
 
 	Cmd_TokenizeString (s);