void trap_SendServerCommand( int clientNum, const char *text ) { //JAC - 1022 character fix // rain - hack - commands over 1022 chars will crash the // client upon receipt, so ignore them if ( strlen( text ) > 1022 ) { G_SecurityLogPrintf( "trap_SendServerCommand( %d, ... ) length exceeds 1022.\n", clientNum ); G_SecurityLogPrintf( "text [%s]\n", text ); return; } Q_syscall( G_SEND_SERVER_COMMAND, clientNum, text ); }
static int GLua_SecurityLogPrint( lua_State *L ) { // Same thing as GLua_Print, but we're doing this in the security log char *msg; int i; int args = lua_gettop(L); const char *res; char buff[16384] = {0}; char *nl; // Concat all args and use that as the print GLua_Push_ToString(L); for (i = 1; i <= args; i++) { lua_pushvalue(L,-1); lua_pushvalue(L, i); lua_call(L, 1, 1); // Assume this will never error out res = lua_tostring(L,-1); if (res) { Q_strcat(&buff[0], sizeof(buff), res); } lua_pop(L,1); } lua_pop(L,1); msg = &buff[0]; nl = msg; while (1) { if ( !(*nl) ) { if ( *msg ) { assert( strlen( msg ) < 4095 ); // Failsafe, this should never happen (4096 is engine MAXPRINTMSG, accomodate for the added \n in the next call) G_SecurityLogPrintf( "%s\n", msg ); } break; } if ( *nl == '\n' ) { *nl = '\0'; assert( strlen( msg ) < 4095 ); // Failsafe, this should never happen G_SecurityLogPrintf( "%s\n", msg ); msg = nl + 1; *nl = '\n'; } nl++; } return 0; }
static void USED DoneDL_Handler( client_t *client ) { // fix: set CS_PRIMED only when CS_CONNECTED is current state if ( client->state == CS_CONNECTED ) client->state = CS_PRIMED; else { char tmpIP[NET_ADDRSTRMAXLEN] = {0}; NET_AddrToString( tmpIP, sizeof( tmpIP ), &client->netchan.remoteAddress ); G_SecurityLogPrintf( "Client %d (%s) probably tried \"donedl\" exploit when client->state(%d)!=CS_CONNECTED(%d) [IP: %s]\n", client->gentity->s.number, client->name, client->state, CS_CONNECTED, tmpIP ); } }
static void USED CheckConnectionlessPacket( const char *cmd, const char *ip ) {//Truncate any oversized commands char *s = (char *)ENG_Cmd_Argv( 1 ); if ( !Q_stricmp( cmd, "getstatus" ) || !Q_stricmp( cmd, "getinfo" ) ) {// We got a risky function here, get arg 1 and truncate if needed // 32 chars should be more than enough for the challenge number if ( strlen( s ) > 32 ) { s[32] = '\0'; G_SecurityLogPrintf( "Attempted q3infoboom from %s with command %s\n", ip, cmd ); } } else if ( !Q_stricmp( cmd, "connect" ) || !Q_stricmp( cmd, "rcon" ) ) { if ( strlen( s ) > 980 ) { s[980] = '\0'; G_SecurityLogPrintf( "Attempted q3infoboom from %s with command %s\n", ip, cmd ); } } }
void Svcmd_Say_f( void ) { char *p = NULL; // don't let text be too long for malicious reasons char text[MAX_SAY_TEXT] = {0}; if ( trap->Argc () < 2 ) return; p = ConcatArgs( 1 ); if ( strlen( p ) >= MAX_SAY_TEXT ) { p[MAX_SAY_TEXT-1] = '\0'; G_SecurityLogPrintf( "Cmd_Say_f from -1 (server) has been truncated: %s\n", p ); } Q_strncpyz( text, p, sizeof(text) ); Q_strstrip( text, "\n\r", " " ); //G_LogPrintf( "say: server: %s\n", text ); trap->SendServerCommand( -1, va("print \"server: %s\n\"", text ) ); }