Fix client code for catching rogue redirections and executes

The client permits redirection and execute only if it recently saw
them in player input.  The caching of recent player input for this
purpose was broken.

When save_input() evicted a line, it kept its newline.  This could
make the recent_input ring buffer fill up, which then got redirections
and execute misdiagnosed as rogue.

save_input() also screwed up when evicting one line didn't make
sufficient room for the line to be saved.  This could cause assertion
failure in forget_input().

Broken in commit 8b7d0b91, v4.3.11.

diff --git a/src/client/secure.c b/src/client/secure.c
index c99efa476233663ba19fcc04000ac9440119d415..624cbeb962371069e5cdfdcb0e0d2384578ac0fe 100644 (file)
--- a/src/client/secure.c
+++ b/src/client/secure.c
@@ -38,7 +38,7 @@
 #include "ringbuf.h"
 #include "secure.h"
 
-struct ring recent_input;
+static struct ring recent_input;
 static size_t saved_bytes;
 
 /*
@@ -51,14 +51,14 @@ size_t
 save_input(char *inp)
 {
     size_t len = strlen(inp);
-    int left;
+    int eol;
 
     assert(len && inp[len - 1] == '\n');
 
-    left = ring_putm(&recent_input, inp, len);
-    if (left < 0) {
-       ring_discard(&recent_input, ring_search(&recent_input, "\n"));
-       ring_putm(&recent_input, inp, len);
+    while (ring_putm(&recent_input, inp, len) < 0) {
+       eol = ring_search(&recent_input, "\n");
+       assert(eol >= 0);
+       ring_discard(&recent_input, eol + 1);
     }
     saved_bytes += len;
     return saved_bytes;