client: Fix rogue execute protection
To protect against a rogue server reading your files, the client
honors C_EXECUTE only when it matches recent player input.
This has a somewhat troubled history, detailed in the previous commit.
The remaining major issue comes from commit 8b7d0b9 (v4.3.11): any
suffix of a recent line of input is accepted as C_EXECUTE text.
Before, only text that looked like an argument of an execute command
or a redirection was accepted.
Fix by again requiring the text to be preceded by something that looks
like an execute command. But do it more carefully: don't break
execute with a prompted for argument, and prevent abuse of
redirections for execute.
Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
parent
d13950470a
commit
5cb14f508e
5 changed files with 83 additions and 24 deletions
|
@ -157,16 +157,17 @@ ring_discard(struct ring *r, int n)
|
|||
|
||||
/*
|
||||
* Search the ring buffer for zero-terminated string S.
|
||||
* If found, return a non-negative value referring to the beginning of
|
||||
* S in the buffer when passed to ring_peek(). Else return -1.
|
||||
* Start at the @(n+1)-th byte to be gotten.
|
||||
* If found, return the number of bytes in the buffer before S.
|
||||
* Else return -1.
|
||||
*/
|
||||
int
|
||||
ring_search(struct ring *r, char *s)
|
||||
ring_search(struct ring *r, char *s, int n)
|
||||
{
|
||||
size_t len = strlen(s);
|
||||
size_t i, j;
|
||||
|
||||
for (i = r->cons; i + len <= r->prod; i++) {
|
||||
for (i = r->cons + n; i + len <= r->prod; i++) {
|
||||
for (j = 0; s[j] && s[j] == (char)r->buf[(i + j) % RING_SIZE]; j++)
|
||||
;
|
||||
if (!s[j])
|
||||
|
|