sanitise vote reason strings
ac-stef committed Jan 21, 2016
1 parent 48d09fc commit 1e5e05f
Showing 2 changed files with 8 additions and 7 deletions.
11 changes: 6 additions & 5 deletions source/src/server.cpp
@@ -2139,7 +2139,7 @@ struct voteinfo
enet_uint32 host;

voteinfo() : boot(0), owner(0), callmillis(0), result(VOTE_NEUTRAL), action(NULL), gonext(false), host(0) {}
~voteinfo() { delete action; }
~voteinfo() { DELETEP(action); }

void end(int result)
{
@@ -2819,8 +2819,7 @@ void process(ENetPacket *packet, int sender, int chan)
if(type!=SV_POS && type!=SV_POSC && type!=SV_CLIENTPING && type!=SV_PING && type!=SV_CLIENT)
{
DEBUGVAR(cl->name);
ASSERT(type>=0 && type<SV_NUM);
DEBUGVAR(messagenames[type]);
if(type >= 0) { DEBUGVAR(messagenames[type]); }
protocoldebug(DEBUGCOND);
}
else protocoldebug(false);
@@ -3504,21 +3503,23 @@ void process(ENetPacket *packet, int sender, int chan)
{
vi->num1 = cn2boot = getint(p);
getstring(text, p);
text[61] = '\0';
strncpy(vi->text,text,128);
filtertext(text, text, FTXT__KICKBANREASON);
trimtrailingwhitespace(text);
vi->action = new kickaction(cn2boot, newstring(text, 128));
if(strlen(text) > 3 && !strstr(text, " ")) vi->action = new kickaction(cn2boot, text);
vi->boot = 1;
break;
}
case SA_BAN:
{
vi->num1 = cn2boot = getint(p);
getstring(text, p);
text[61] = '\0';
strncpy(vi->text,text,128);
filtertext(text, text, FTXT__KICKBANREASON);
trimtrailingwhitespace(text);
vi->action = new banaction(cn2boot, newstring(text, 128));
if(strlen(text) > 3 && !strstr(text, " ")) vi->action = new banaction(cn2boot, text);
vi->boot = 2;
break;
}
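Review bot: In the SA_KICK case, `strncpy(vi->text,text,128);` runs before `filtertext(text, text, FTXT__KICKBANREASON);`, so as rendered `vi->text` keeps the client-supplied reason unfiltered and only the copy handed to `kickaction` is sanitised; the SA_BAN case has the same order. If `vi->text` is what gets relayed to other clients or written to the log (not visible here), the raw string still gets out. Moving the copy to after `trimtrailingwhitespace(text);` would make both consumers see the filtered reason. Both cases sit inside process(), whose body starts and ends outside this hunk.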
4 changes: 2 additions & 2 deletions source/src/serveractions.h
@@ -203,7 +203,7 @@ struct kickaction : playeraction
{
wasvalid = false;
role = roleconf('k');
if(isvalid() && strlen(reason) > 3 && valid_client(cn))
if(isvalid())
{
wasvalid = true;
formatstring(desc)("kick player %s, reason: %s", clients[cn]->name, reason);
@@ -224,7 +224,7 @@ struct banaction : playeraction
{
wasvalid = false;
role = roleconf('b');
if(isvalid() && strlen(reason) > 3)
if(isvalid())
{
wasvalid = true;
formatstring(desc)("ban player %s, reason: %s", clients[cn]->name, reason);
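Review bot: With `valid_client(cn)` and `strlen(reason) > 3` removed, the kickaction constructor reads `clients[cn]->name` guarded only by `isvalid()`, whose definition is not part of this section. If isvalid() already implies a valid `cn`, a comment above the check would record that, e.g. `// isvalid() covers valid_client(cn); reason length is checked by the caller`; otherwise the explicit `valid_client(cn)` test should stay. The reason-length rule now lives only at the call sites, so any other code that constructs a kickaction or banaction has to repeat it. Both constructors begin and end outside the visible hunks.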

1 comment on commit 1e5e05f

@GreenLunar

I wondered how users carry out the poll hack.
More than once, I have seen this manipulation in action.

Trapo called a vote:
kick player MathiasB, reason: vote abuse (4831443 gemakills, 785 guys vote abused)
----
3 yes vs. 9 no
vote FAILED
