git.pond.sub.org Git - empserver/commit

author	Markus Armbruster <armbru@pond.sub.org>
	Sun, 27 Dec 2015 19:22:45 +0000 (20:22 +0100)
committer	Markus Armbruster <armbru@pond.sub.org>
	Mon, 24 Jul 2017 18:21:40 +0000 (20:21 +0200)
commit	5cb14f508ebf78a9e9bce29be7c2fe462fb73b91
tree	e6ebf131112130a9a9e317e7b94c5378952be6e2	tree \| snapshot
parent	d13950470a470d9c8fb119471d0ea862592f3220	commit \| diff

client: Fix rogue execute protection

To protect against a rogue server reading your files, the client
honors C_EXECUTE only when it matches recent player input.

This has a somewhat troubled history, detailed in the previous commit.

The remaining major issue comes from commit 8b7d0b9 (v4.3.11): any
suffix of a recent line of input is accepted as C_EXECUTE text.
Before, only text that looked like an argument of an execute command
or a redirection was accepted.

Fix by again requiring the text to be preceded by something that looks
like an execute command. But do it more carefully: don't break
execute with a prompted for argument, and prevent abuse of
redirections for execute.

Signed-off-by: Markus Armbruster <armbru@pond.sub.org>

src/client/ringbuf.c		diff \| blob \| history
src/client/ringbuf.h		diff \| blob \| history
src/client/secure.c		diff \| blob \| history
src/client/secure.h		diff \| blob \| history
src/client/servcmd.c		diff \| blob \| history