diff options
| author | oy <Tom_Adams@web.de> | 2012-07-08 11:40:23 +0200 |
|---|---|---|
| committer | oy <Tom_Adams@web.de> | 2013-02-24 17:40:41 +0100 |
| commit | 865d0f736588337fc7b8cc925eb84bc2dd2ae7f0 (patch) | |
| tree | a0d34ca29e1010db5df48072e754ca739a5bce11 | |
| parent | 0adaf8a75206bcc3cdba5c4eadd5014a3d696aff (diff) | |
| download | zcatch-865d0f736588337fc7b8cc925eb84bc2dd2ae7f0.tar.gz zcatch-865d0f736588337fc7b8cc925eb84bc2dd2ae7f0.zip | |
limit characters within player names to ascii range to prevent utf8 impersonating
| -rw-r--r-- | src/engine/server/server.cpp | 72 |
1 files changed, 29 insertions, 43 deletions
diff --git a/src/engine/server/server.cpp b/src/engine/server/server.cpp index 704d4e37..611441d8 100644 --- a/src/engine/server/server.cpp +++ b/src/engine/server/server.cpp @@ -36,45 +36,23 @@ #include <windows.h> #endif -static const char *StrUTF8Ltrim(const char *pStr) +static const char *StrLtrim(const char *pStr) { - while(*pStr) - { - const char *pStrOld = pStr; - int Code = str_utf8_decode(&pStr); - - // check if unicode is not empty - if(Code > 0x20 && Code != 0xA0 && Code != 0x034F && (Code < 0x2000 || Code > 0x200F) && (Code < 0x2028 || Code > 0x202F) && - (Code < 0x205F || Code > 0x2064) && (Code < 0x206A || Code > 0x206F) && (Code < 0xFE00 || Code > 0xFE0F) && - Code != 0xFEFF && (Code < 0xFFF9 || Code > 0xFFFC)) - { - return pStrOld; - } - } + while(*pStr && *pStr >= 0 && *pStr <= 32) + pStr++; return pStr; } -static void StrUTF8Rtrim(char *pStr) +static void StrRtrim(char *pStr) { - const char *p = pStr; - const char *pEnd = 0; - while(*p) + int i = str_length(pStr); + while(i >= 0) { - const char *pStrOld = p; - int Code = str_utf8_decode(&p); - - // check if unicode is not empty - if(Code > 0x20 && Code != 0xA0 && Code != 0x034F && (Code < 0x2000 || Code > 0x200F) && (Code < 0x2028 || Code > 0x202F) && - (Code < 0x205F || Code > 0x2064) && (Code < 0x206A || Code > 0x206F) && (Code < 0xFE00 || Code > 0xFE0F) && - Code != 0xFEFF && (Code < 0xFFF9 || Code > 0xFFFC)) - { - pEnd = 0; - } - else if(pEnd == 0) - pEnd = pStrOld; + if(pStr[i] < 0 || pStr[i] > 32) + break; + pStr[i] = 0; + i--; } - if(pEnd != 0) - *(const_cast<char *>(pEnd)) = 0; } @@ -316,8 +294,12 @@ int CServer::TrySetClientName(int ClientID, const char *pName) char aTrimmedName[64]; // trim the name - str_copy(aTrimmedName, StrUTF8Ltrim(pName), sizeof(aTrimmedName)); - StrUTF8Rtrim(aTrimmedName); + str_copy(aTrimmedName, StrLtrim(pName), sizeof(aTrimmedName)); + StrRtrim(aTrimmedName); + + // check for empty names + if(!aTrimmedName[0]) + return -1; // check if new and old name are the same if(m_aClients[ClientID].m_aName[0] && str_comp(m_aClients[ClientID].m_aName, aTrimmedName) == 0) @@ -328,11 +310,6 @@ int CServer::TrySetClientName(int ClientID, const char *pName) Console()->Print(IConsole::OUTPUT_LEVEL_ADDINFO, "server", aBuf); pName = aTrimmedName; - - // check for empty names - if(!pName[0]) - return -1; - // make sure that two clients doesn't have the same name for(int i = 0; i < MAX_CLIENTS; i++) if(i != ClientID && m_aClients[i].m_State >= CClient::STATE_READY) @@ -356,14 +333,23 @@ void CServer::SetClientName(int ClientID, const char *pName) if(!pName) return; - char aNameTry[MAX_NAME_LENGTH]; - str_copy(aNameTry, pName, MAX_NAME_LENGTH); - if(TrySetClientName(ClientID, aNameTry)) + char aCleanName[MAX_NAME_LENGTH]; + str_copy(aCleanName, pName, sizeof(aCleanName)); + + // clear name + for(char *p = aCleanName; *p; ++p) + { + if(*p < 32) + *p = ' '; + } + + if(TrySetClientName(ClientID, aCleanName)) { // auto rename for(int i = 1;; i++) { - str_format(aNameTry, MAX_NAME_LENGTH, "(%d)%s", i, pName); + char aNameTry[MAX_NAME_LENGTH]; + str_format(aNameTry, sizeof(aCleanName), "(%d)%s", i, aCleanName); if(TrySetClientName(ClientID, aNameTry) == 0) break; } |