shithub: choc

Download patch

ref: a104b98d48c0d5cfa5dcc79175f0ffa853ec4528
parent: 244333454585d1740ae6ffa148f9112128778499
author: Simon Howard <fraggle@soulsphere.org>
date: Wed Sep 27 19:37:46 EDT 2017

net: Get rid of NET_SafePuts().

Instead what's almost always wanted is to read a "safe" string that
cannot contain any control codes. So introduce NET_ReadSafeString()
instead as a wrapper around NET_ReadString() that does this.

--- a/src/net_client.c
+++ b/src/net_client.c
@@ -433,7 +433,7 @@
     net_protocol_t protocol;
     char *server_version;
 
-    server_version = NET_ReadString(packet);
+    server_version = NET_ReadSafeString(packet);
     if (server_version == NULL)
     {
         return;
@@ -830,7 +830,7 @@
 {
     char *msg;
 
-    msg = NET_ReadString(packet);
+    msg = NET_ReadSafeString(packet);
 
     if (msg == NULL)
     {
@@ -837,9 +837,7 @@
         return;
     }
 
-    printf("Message from server: ");
-
-    NET_SafePuts(msg);
+    printf("Message from server:\n%s\n", msg);
 }
 
 // parse a received packet
--- a/src/net_common.c
+++ b/src/net_common.c
@@ -132,7 +132,7 @@
 {
     char *msg;
 
-    msg = NET_ReadString(packet);
+    msg = NET_ReadSafeString(packet);
 
     if (msg == NULL)
     {
@@ -146,8 +146,7 @@
         conn->state = NET_CONN_STATE_DISCONNECTED;
         conn->disconnect_reason = NET_DISCONNECT_REMOTE;
 
-        printf("Rejected by server: ");
-        NET_SafePuts(msg);
+        printf("Rejected by server: %s\n", msg);
     }
 }
 
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -15,6 +15,7 @@
 //      Network packet manipulation (net_packet_t)
 //
 
+#include <ctype.h>
 #include <string.h>
 #include "m_misc.h"
 #include "net_packet.h"
@@ -200,6 +201,37 @@
     ++packet->pos;
     
     return start;
+}
+
+// Read a string from the packet, but (potentially) modify it to strip
+// out any unprintable characters which could be malicious control codes.
+// Note that this may modify the original packet contents.
+char *NET_ReadSafeString(net_packet_t *packet)
+{
+    char *r, *w, *result;
+
+    result = NET_ReadString(packet);
+    if (result == NULL)
+    {
+        return NULL;
+    }
+
+    // w is always <= r, so we never produce a longer string than the original.
+    w = result;
+    for (r = result; *r != '\0'; ++r)
+    {
+        // TODO: This is a very naive way of producing a safe string; only
+        // ASCII characters are allowed. Probably this should really support
+        // UTF-8 characters as well.
+        if (isprint(*r) || *r == '\n')
+        {
+            *w = *r;
+            ++w;
+        }
+    }
+    *w = '\0';
+
+    return result;
 }
 
 // Dynamically increases the size of a packet
--- a/src/net_packet.h
+++ b/src/net_packet.h
@@ -33,6 +33,7 @@
 boolean NET_ReadSInt32(net_packet_t *packet, signed int *data);
 
 char *NET_ReadString(net_packet_t *packet);
+char *NET_ReadSafeString(net_packet_t *packet);
 
 void NET_WriteInt8(net_packet_t *packet, unsigned int i);
 void NET_WriteInt16(net_packet_t *packet, unsigned int i);
--- a/src/net_query.c
+++ b/src/net_query.c
@@ -738,7 +738,7 @@
         printf("(game running) ");
     }
 
-    NET_SafePuts(data->description);
+    printf("%s\n", data->description);
 }
 
 void NET_LANQuery(void)
--- a/src/net_server.c
+++ b/src/net_server.c
@@ -213,7 +213,7 @@
     va_start(args, s);
     M_vsnprintf(buf, sizeof(buf), s, args);
     va_end(args);
-    
+
     for (i=0; i<MAXNETNODES; ++i)
     {
         if (ClientConnected(&clients[i]))
@@ -222,7 +222,7 @@
         }
     }
 
-    NET_SafePuts(buf);
+    printf("%s\n", buf);
 }
 
 
--- a/src/net_structrw.c
+++ b/src/net_structrw.c
@@ -17,7 +17,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <ctype.h>
 
 #include "doomtype.h"
 #include "m_misc.h"
@@ -122,7 +121,7 @@
 {
     boolean result;
 
-    query->version = NET_ReadString(packet);
+    query->version = NET_ReadSafeString(packet);
 
     result = query->version != NULL
           && NET_ReadInt8(packet, (unsigned int *) &query->server_state)
@@ -133,7 +132,7 @@
     
     if (result)
     {
-        query->description = NET_ReadString(packet);
+        query->description = NET_ReadSafeString(packet);
 
         return query->description != NULL;
     }   
@@ -551,22 +550,3 @@
     NET_WriteBlob(packet, seed, sizeof(prng_seed_t));
 }
 
-// "Safe" version of puts, for displaying messages received from the
-// network.
-
-void NET_SafePuts(char *s)
-{
-    char *p;
-
-    // Do not do a straight "puts" of the string, as this could be
-    // dangerous (sending control codes to terminals can do all
-    // kinds of things)
-
-    for (p=s; *p; ++p)
-    {
-        if (isprint(*p) || *p == '\n')
-            putchar(*p);
-    }
-
-    putchar('\n');
-}
--- a/src/net_structrw.h
+++ b/src/net_structrw.h
@@ -43,8 +43,6 @@
 void NET_WriteWaitData(net_packet_t *packet, net_waitdata_t *data);
 boolean NET_ReadWaitData(net_packet_t *packet, net_waitdata_t *data);
 
-void NET_SafePuts(char *msg);
-
 boolean NET_ReadPRNGSeed(net_packet_t *packet, prng_seed_t seed);
 void NET_WritePRNGSeed(net_packet_t *packet, prng_seed_t seed);