From 55b7fa158858b6dd3d47e60967fd59c69575983b Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Sat, 23 Aug 2008 16:19:09 -0400 Subject: [PATCH] Fix client code for catching rogue redirections and executes The client permits redirection and execute only if it recently saw them in player input. The caching of recent player input for this purpose was broken. When save_input() evicted a line, it kept its newline. This could make the recent_input ring buffer fill up, which then got redirections and execute misdiagnosed as rogue. save_input() also screwed up when evicting one line didn't make sufficient room for the line to be saved. This could cause assertion failure in forget_input(). Broken in commit 8b7d0b91, v4.3.11. --- src/client/secure.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/client/secure.c b/src/client/secure.c index c99efa47..624cbeb9 100644 --- a/src/client/secure.c +++ b/src/client/secure.c @@ -38,7 +38,7 @@ #include "ringbuf.h" #include "secure.h" -struct ring recent_input; +static struct ring recent_input; static size_t saved_bytes; /* @@ -51,14 +51,14 @@ size_t save_input(char *inp) { size_t len = strlen(inp); - int left; + int eol; assert(len && inp[len - 1] == '\n'); - left = ring_putm(&recent_input, inp, len); - if (left < 0) { - ring_discard(&recent_input, ring_search(&recent_input, "\n")); - ring_putm(&recent_input, inp, len); + while (ring_putm(&recent_input, inp, len) < 0) { + eol = ring_search(&recent_input, "\n"); + assert(eol >= 0); + ring_discard(&recent_input, eol + 1); } saved_bytes += len; return saved_bytes;