Commit graph

4 commits

Author SHA1 Message Date
Bill Currie
218554d60a move include/QF/string.h to include/qstring.h and include it automaticly if
needed in compat.h
2001-12-13 20:44:32 +00:00
Bill Currie
650d682d2c fix some nasty security holes causes by oversized connection strings. slows
down overkill slightly :/
2001-12-03 21:06:57 +00:00
Adam Olsen
18036b63d9 - change MSG_ReadString to return const char * and return a pointer
directly into the packet data.
- change a bunch of char *'s to const char *'s for the above.  Only
  thing that had trouble was the cl_nofake handler, which I changed to
  use a local buffer.
- add MSG_ReadStaticString which acts like the old MSG_ReadString,
  specifically that it uses a static buffer and tollerates
  unterminated strings.
- add a Q_strnlen function, and make strnlen use it if strnlen is
  undefined.
- Add a net_svc.h and net_svc.c which will preparse svc messages into
  structs, for easier handling.  Currently only soundlist and
  modellist are done.
2001-10-18 04:44:58 +00:00
Adam Olsen
0785610296 - fix a little mistake in SV_PrintToClient that'd cause it to
segfault if your first call was with "".  Probably could cause
  crashes too
- add a string.c file to libQFutil, with a Q_strcasestr function,
  which strcasestr is defined to if it's not already defined.  (we'd
  get that with glibc if we defined __USE_GNU, but we don't)
- make client_t and SV_ExtractFromUserinfo both use NAME_MAX for
  their name arrays, instead of 32 for one and 80 for the other
- rewrite almost all of SV_ExtractFromUserinfo's name handling.
  - \r, \n, and \t are all converted to spaces
  - leading/trailing spaces are stripped
  - consecutive spaces are reduced to a single space
  - empty names are considered bad
  - user-* nicks are considered bad (unless forced to them)
  - a name containing console or admin is considered bad
  - a name that already exists is considered bad
  - if they have a bad name it gets forced to user-%d, where %d is
    their userid
  - netname in the progs is now updated properly
  - name changes are always reported unless it's the initial setting,
    rather than only if they're full connected and not a spectator
  - finally, if the name change fails (info string exceeded), give
    them the boot.  (before this was only done for duplicate names)

That's about it :)
2001-10-04 19:11:39 +00:00