server: fix out-of-range substring call in OOB handling

blattersturm · blattersturm · commit 759328e8fe69 · 2019-01-02T08:14:39.000+01:00
diff --git a/code/components/citizen-server-impl/src/GameServer.cpp b/code/components/citizen-server-impl/src/GameServer.cpp
@@ -846,43 +846,55 @@ namespace fx
 
 				gscomms_execute_callback_on_main_thread([=]()
 				{
-					int spacePos = data.find_first_of(" \n");
+					try
+					{
+						int spacePos = data.find_first_of(" \n");
 
-					auto password = data.substr(0, spacePos);
-					auto command = data.substr(spacePos);
+						if (spacePos == std::string::npos)
+						{
+							return;
+						}
 
-					auto serverPassword = server->GetRconPassword();
+						auto password = data.substr(0, spacePos);
+						auto command = data.substr(spacePos);
 
-					std::string printString;
+						auto serverPassword = server->GetRconPassword();
 
-					PrintListenerContext context([&](const std::string_view& print)
-					{
-						printString += print;
-					});
+						std::string printString;
 
-					ScopeDestructor destructor([&]()
-					{
-						server->SendOutOfBand(from, "print " + printString);
-					});
+						PrintListenerContext context([&](const std::string_view& print)
+						{
+							printString += print;
+						});
 
-					if (serverPassword.empty())
-					{
-						trace("The server must set rcon_password to be able to use this command.\n");
-						return;
-					}
+						ScopeDestructor destructor([&]()
+						{
+							server->SendOutOfBand(from, "print " + printString);
+						});
 
-					if (password != serverPassword)
-					{
-						trace("Invalid password.\n");
-						return;
-					}
+						if (serverPassword.empty())
+						{
+							trace("The server must set rcon_password to be able to use this command.\n");
+							return;
+						}
 
-					auto ctx = server->GetInstance()->GetComponent<console::Context>();
-					ctx->ExecuteBuffer();
+						if (password != serverPassword)
+						{
+							trace("Invalid password.\n");
+							return;
+						}
+
+						auto ctx = server->GetInstance()->GetComponent<console::Context>();
+						ctx->ExecuteBuffer();
+
+						se::ScopedPrincipal principalScope(se::Principal{ "system.console" });
+						ctx->AddToBuffer(std::string(command));
+						ctx->ExecuteBuffer();
+					}
+					catch (std::exception& e)
+					{
 
-					se::ScopedPrincipal principalScope(se::Principal{ "system.console" });
-					ctx->AddToBuffer(std::string(command));
-					ctx->ExecuteBuffer();
+					}
 				});
 			}
 
