Changeset - r2373:a9ea9754767f
Parent rev.
Child rev.
[Not reviewed]
master
0 5 0
tron - 19 years ago 2005-08-28 12:24:57
tron@openttd.org
(svn r2899) -Fix: Several format string vulnerabilities and buffer overflows in the network code
5 files changed with 13 insertions and 13 deletions:
console_cmds.c
1
1
network.c
2
2
network_client.c
4
4
network_server.c
5
5
texteff.c
1
1
0 comments (0 inline, 0 general)
console_cmds.c
Show inline comments
 
@@ -1129,13 +1129,13 @@ DEF_CONSOLE_HOOK(ConProcPlayerName)
 
	// Don't change the name if it is the same as the old name
 
	if (strcmp(ci->client_name, _network_player_name) != 0) {
 
		if (!_network_server) {
 
			SEND_COMMAND(PACKET_CLIENT_SET_NAME)(_network_player_name);
 
		} else {
 
			if (NetworkFindName(_network_player_name)) {
 
				NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, _network_player_name);
 
				NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", _network_player_name);
 
				ttd_strlcpy(ci->client_name, _network_player_name, sizeof(ci->client_name));
 
				NetworkUpdateClientInfo(NETWORK_SERVER_INDEX);
 
			}
 
		}
 
	}
 

			




        

    


    
    

    

        

                

                    network.c
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -97,13 +97,13 @@ void CDECL NetworkTextMessage(NetworkAct

			




	
	
	
		
 
	va_list va;

			




	
	
	
		
 
	const int duration = 10; // Game days the messages stay visible

			




	
	
	
		
 
	char message[1024];

			




	
	
	
		
 
	char temp[1024];

			




	
	
	
		
 

			




	
	
	
		
 
	va_start(va, str);

			




	
	
	
		
 
	vsprintf(buf, str, va);

			




	
	
	
		
 
	vsnprintf(buf, lengthof(buf), str, va);

			




	
	
	
		
 
	va_end(va);

			




	
	
	
		
 

			




	
	
	
		
 
	switch (action) {

			




	
	
	
		
 
		case NETWORK_ACTION_JOIN:

			




	
	
	
		
 
			GetString(temp, STR_NETWORK_CLIENT_JOINED);

			




	
	
	
		
 
			snprintf(message, sizeof(message), "*** %s %s", name, temp);

			




	
	
		
 
@@ -496,13 +496,13 @@ void NetworkCloseClient(NetworkClientSta

			




	
	
	
		
 
		NetworkClientState *new_cs;

			




	
	
	
		
 

			




	
	
	
		
 
		NetworkGetClientName(client_name, sizeof(client_name), cs);

			




	
	
	
		
 

			




	
	
	
		
 
		GetString(str, STR_NETWORK_ERR_CLIENT_GENERAL + errorno);

			




	
	
	
		
 

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);

			




	
	
	
		
 

			




	
	
	
		
 
		// Inform other clients of this... strange leaving ;)

			




	
	
	
		
 
		FOR_ALL_CLIENTS(new_cs) {

			




	
	
	
		
 
			if (new_cs->status > STATUS_AUTH && cs != new_cs) {

			




	
	
	
		
 
				SEND_COMMAND(PACKET_SERVER_ERROR_QUIT)(new_cs, cs->index, errorno);

			




	
	
	
		
 
			}

			




        

    


    
    

    

        

                

                    network_client.c
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -346,13 +346,13 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER

			




	
	
	
		
 
		_network_playas = playas;

			




	
	
	
		
 

			




	
	
	
		
 
	ci = NetworkFindClientInfoFromIndex(index);

			




	
	
	
		
 
	if (ci != NULL) {

			




	
	
	
		
 
		if (playas == ci->client_playas && strcmp(name, ci->client_name) != 0) {

			




	
	
	
		
 
			// Client name changed, display the change

			




	
	
	
		
 
			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, name);

			




	
	
	
		
 
			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", name);

			




	
	
	
		
 
		} else if (playas != ci->client_playas) {

			




	
	
	
		
 
			// The player changed from client-player..

			




	
	
	
		
 
			// Do not display that for now

			




	
	
	
		
 
		}

			




	
	
	
		
 

			




	
	
	
		
 
		ci->client_playas = playas;

			




	
	
		
 
@@ -663,13 +663,13 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER

			




	
	
	
		
 
	errorno = NetworkRecv_uint8(MY_CLIENT, p);

			




	
	
	
		
 

			




	
	
	
		
 
	GetString(str, STR_NETWORK_ERR_CLIENT_GENERAL + errorno);

			




	
	
	
		
 

			




	
	
	
		
 
	ci = NetworkFindClientInfoFromIndex(index);

			




	
	
	
		
 
	if (ci != NULL) {

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, str);

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, "%s", str);

			




	
	
	
		
 

			




	
	
	
		
 
		// The client is gone, give the NetworkClientInfo free

			




	
	
	
		
 
		ci->client_index = NETWORK_EMPTY_INDEX;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	InvalidateWindow(WC_CLIENT_LIST, 0);

			




	
	
		
 
@@ -681,17 +681,17 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER

			




	
	
	
		
 
{

			




	
	
	
		
 
	char str[100];

			




	
	
	
		
 
	uint16 index;

			




	
	
	
		
 
	NetworkClientInfo *ci;

			




	
	
	
		
 

			




	
	
	
		
 
	index = NetworkRecv_uint16(MY_CLIENT, p);

			




	
	
	
		
 
	NetworkRecv_string(MY_CLIENT, p, str, 100);

			




	
	
	
		
 
	NetworkRecv_string(MY_CLIENT, p, str, lengthof(str));

			




	
	
	
		
 

			




	
	
	
		
 
	ci = NetworkFindClientInfoFromIndex(index);

			




	
	
	
		
 
	if (ci != NULL) {

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, str);

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, "%s", str);

			




	
	
	
		
 

			




	
	
	
		
 
		// The client is gone, give the NetworkClientInfo free

			




	
	
	
		
 
		ci->client_index = NETWORK_EMPTY_INDEX;

			




	
	
	
		
 
	} else {

			




	
	
	
		
 
		DEBUG(net, 0)("[NET] Error - unknown client (%d) is leaving the game", index);

			




	
	
	
		
 
	}

			




        

    


    
    

    

        

                

                    network_server.c
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -159,13 +159,13 @@ DEF_SERVER_SEND_COMMAND_PARAM(PACKET_SER

			




	
	
	
		
 
		NetworkGetClientName(client_name, sizeof(client_name), cs);

			




	
	
	
		
 

			




	
	
	
		
 
		GetString(str, STR_NETWORK_ERR_CLIENT_GENERAL + error);

			




	
	
	
		
 

			




	
	
	
		
 
		DEBUG(net, 2)("[NET] %s made an error (%s) and his connection is closed", client_name, str);

			




	
	
	
		
 

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);

			




	
	
	
		
 
		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);

			




	
	
	
		
 

			




	
	
	
		
 
		FOR_ALL_CLIENTS(new_cs) {

			




	
	
	
		
 
			if (new_cs->status > STATUS_AUTH && new_cs != cs) {

			




	
	
	
		
 
				// Some errors we filter to a more general error. Clients don't have to know the real

			




	
	
	
		
 
				//  reason a joining failed.

			




	
	
	
		
 
				if (error == NETWORK_ERROR_NOT_AUTHORIZED || error == NETWORK_ERROR_NOT_EXPECTED || error == NETWORK_ERROR_WRONG_REVISION)

			




	
	
		
 
@@ -901,13 +901,13 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT

			




	
	
	
		
 
	NetworkGetClientName(client_name, sizeof(client_name), cs);

			




	
	
	
		
 

			




	
	
	
		
 
	GetString(str, STR_NETWORK_ERR_CLIENT_GENERAL + errorno);

			




	
	
	
		
 

			




	
	
	
		
 
	DEBUG(net, 2)("[NET] %s reported an error and is closing his connection (%s)", client_name, str);

			




	
	
	
		
 

			




	
	
	
		
 
	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);

			




	
	
	
		
 
	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);

			




	
	
	
		
 

			




	
	
	
		
 
	FOR_ALL_CLIENTS(new_cs) {

			




	
	
	
		
 
		if (new_cs->status > STATUS_AUTH) {

			




	
	
	
		
 
			SEND_COMMAND(PACKET_SERVER_ERROR_QUIT)(new_cs, cs->index, errorno);

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
		
 
@@ -926,17 +926,17 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT

			




	
	
	
		
 
	// The client was never joined.. thank the client for the packet, but ignore it

			




	
	
	
		
 
	if (cs->status < STATUS_DONE_MAP || cs->quited) {

			




	
	
	
		
 
		cs->quited = true;

			




	
	
	
		
 
		return;

			




	
	
	
		
 
	}

			




	
	
	
		
 

			




	
	
	
		
 
	NetworkRecv_string(cs, p, str, 100);

			




	
	
	
		
 
	NetworkRecv_string(cs, p, str, lengthof(str));

			




	
	
	
		
 

			




	
	
	
		
 
	NetworkGetClientName(client_name, sizeof(client_name), cs);

			




	
	
	
		
 

			




	
	
	
		
 
	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);

			




	
	
	
		
 
	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);

			




	
	
	
		
 

			




	
	
	
		
 
	FOR_ALL_CLIENTS(new_cs) {

			




	
	
	
		
 
		if (new_cs->status > STATUS_AUTH) {

			




	
	
	
		
 
			SEND_COMMAND(PACKET_SERVER_QUIT)(new_cs, cs->index, str);

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
		
 
@@ -1105,13 +1105,13 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT

			




	
	
	
		
 
	if (cs->quited)

			




	
	
	
		
 
		return;

			




	
	
	
		
 

			




	
	
	
		
 
	if (ci != NULL) {

			




	
	
	
		
 
		// Display change

			




	
	
	
		
 
		if (NetworkFindName(client_name)) {

			




	
	
	
		
 
			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, client_name);

			




	
	
	
		
 
			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", client_name);

			




	
	
	
		
 
			ttd_strlcpy(ci->client_name, client_name, sizeof(ci->client_name));

			




	
	
	
		
 
			NetworkUpdateClientInfo(ci->client_index);

			




	
	
	
		
 
		}

			




	
	
	
		
 
	}

			




	
	
	
		
 
}

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    texteff.c
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -59,13 +59,13 @@ void CDECL AddTextMessage(uint16 color, 

			




	
	
	
		
 
	char buf[1024];

			




	
	
	
		
 
	char buf2[MAX_TEXTMESSAGE_LENGTH];

			




	
	
	
		
 
	va_list va;

			




	
	
	
		
 
	int length;

			




	
	
	
		
 

			




	
	
	
		
 
	va_start(va, message);

			




	
	
	
		
 
	vsprintf(buf, message, va);

			




	
	
	
		
 
	vsnprintf(buf, lengthof(buf), message, va);

			




	
	
	
		
 
	va_end(va);

			




	
	
	
		
 

			




	
	
	
		
 
	/* Special color magic */

			




	
	
	
		
 
	if ((color & 0xFF) == 0xC9)

			




	
	
	
		
 
		color = 0x1CA;

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: code.theleruby.com-48
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2022 by various authors & licensed under GPLv3.
            – Support