Sanitize lang_code and full_version received from client

fixes #14262
minetest · Jan 17, 2024 · e8008c1 · e8008c1
1 parent bdc124b
commit e8008c1
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 13 deletions.
diff --git a/src/clientiface.cpp b/src/clientiface.cpp
@@ -33,6 +33,18 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #include "util/srp.h"
 #include "face_position_cache.h"
 
+static std::string string_sanitize_ascii(const std::string &s, u32 max_length)
+{
+	std::string out;
+	for (char c : s) {
+		if (out.size() >= max_length)
+			break;
+		if (c > 32 && c < 127)
+			out.push_back(c);
+	}
+	return out;
+}
+
 const char *ClientInterface::statenames[] = {
 	"Invalid",
 	"Disconnecting",
@@ -46,8 +58,6 @@ const char *ClientInterface::statenames[] = {
 	"SudoMode",
 };
 
-
-
 std::string ClientInterface::state2Name(ClientState state)
 {
 	return statenames[state];
@@ -639,9 +649,17 @@ void RemoteClient::resetChosenMech()
 	chosen_mech = AUTH_MECHANISM_NONE;
 }
 
-u64 RemoteClient::uptime() const
+void RemoteClient::setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full)
+{
+	m_version_major = major;
+	m_version_minor = minor;
+	m_version_patch = patch;
+	m_full_version = string_sanitize_ascii(full, 64);
+}
+
+void RemoteClient::setLangCode(const std::string &code)
 {
-	return porting::getTimeS() - m_connection_time;
+	m_lang_code = string_sanitize_ascii(code, 12);
 }
 
 ClientInterface::ClientInterface(const std::shared_ptr<con::Connection> & con)

diff --git a/src/clientiface.h b/src/clientiface.h
@@ -329,24 +329,18 @@ class RemoteClient
 		{ serialization_version = m_pending_serialization_version; }
 
 	/* get uptime */
-	u64 uptime() const;
+	u64 uptime() const { return porting::getTimeS() - m_connection_time; }
 
 	/* set version information */
-	void setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full)
-	{
-		m_version_major = major;
-		m_version_minor = minor;
-		m_version_patch = patch;
-		m_full_version = full;
-	}
+	void setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full);
 
 	/* read version information */
 	u8 getMajor() const { return m_version_major; }
 	u8 getMinor() const { return m_version_minor; }
 	u8 getPatch() const { return m_version_patch; }
 	const std::string &getFullVer() const { return m_full_version; }
 
-	void setLangCode(const std::string &code) { m_lang_code = code; }
+	void setLangCode(const std::string &code);
 	const std::string &getLangCode() const { return m_lang_code; }
 
 	void setCachedAddress(const Address &addr) { m_addr = addr; }