void trap_SendServerCommand( int clientNum, const char *text ) {
//JAC - 1022 character fix
// rain - hack - commands over 1022 chars will crash the
// client upon receipt, so ignore them
if ( strlen( text ) > 1022 ) {
G_SecurityLogPrintf( "trap_SendServerCommand( %d, ... ) length exceeds 1022.\n", clientNum );
G_SecurityLogPrintf( "text [%s]\n", text );
return;
}
Q_syscall( G_SEND_SERVER_COMMAND, clientNum, text );
}
static int GLua_SecurityLogPrint( lua_State *L )
{
// Same thing as GLua_Print, but we're doing this in the security log
char *msg;
int i;
int args = lua_gettop(L);
const char *res;
char buff[16384] = {0};
char *nl;
// Concat all args and use that as the print
GLua_Push_ToString(L);
for (i = 1; i <= args; i++)
{
lua_pushvalue(L,-1);
lua_pushvalue(L, i);
lua_call(L, 1, 1); // Assume this will never error out
res = lua_tostring(L,-1);
if (res) {
Q_strcat(&buff[0], sizeof(buff), res);
}
lua_pop(L,1);
}
lua_pop(L,1);
msg = &buff[0];
nl = msg;
while (1) {
if ( !(*nl) ) {
if ( *msg ) {
assert( strlen( msg ) < 4095 ); // Failsafe, this should never happen (4096 is engine MAXPRINTMSG, accomodate for the added \n in the next call)
G_SecurityLogPrintf( "%s\n", msg );
}
break;
}
if ( *nl == '\n' ) {
*nl = '\0';
assert( strlen( msg ) < 4095 ); // Failsafe, this should never happen
G_SecurityLogPrintf( "%s\n", msg );
msg = nl + 1;
*nl = '\n';
}
nl++;
}
return 0;
}
static void USED DoneDL_Handler( client_t *client )
{
// fix: set CS_PRIMED only when CS_CONNECTED is current state
if ( client->state == CS_CONNECTED )
client->state = CS_PRIMED;
else
{
char tmpIP[NET_ADDRSTRMAXLEN] = {0};
NET_AddrToString( tmpIP, sizeof( tmpIP ), &client->netchan.remoteAddress );
G_SecurityLogPrintf( "Client %d (%s) probably tried \"donedl\" exploit when client->state(%d)!=CS_CONNECTED(%d) [IP: %s]\n", client->gentity->s.number, client->name, client->state, CS_CONNECTED, tmpIP );
}
}
static void USED CheckConnectionlessPacket( const char *cmd, const char *ip )
{//Truncate any oversized commands
char *s = (char *)ENG_Cmd_Argv( 1 );
if ( !Q_stricmp( cmd, "getstatus" ) || !Q_stricmp( cmd, "getinfo" ) )
{// We got a risky function here, get arg 1 and truncate if needed
// 32 chars should be more than enough for the challenge number
if ( strlen( s ) > 32 )
{
s[32] = '\0';
G_SecurityLogPrintf( "Attempted q3infoboom from %s with command %s\n", ip, cmd );
}
}
else if ( !Q_stricmp( cmd, "connect" ) || !Q_stricmp( cmd, "rcon" ) )
{
if ( strlen( s ) > 980 )
{
s[980] = '\0';
G_SecurityLogPrintf( "Attempted q3infoboom from %s with command %s\n", ip, cmd );
}
}
}
void Svcmd_Say_f( void ) {
char *p = NULL;
// don't let text be too long for malicious reasons
char text[MAX_SAY_TEXT] = {0};
if ( trap->Argc () < 2 )
return;
p = ConcatArgs( 1 );
if ( strlen( p ) >= MAX_SAY_TEXT ) {
p[MAX_SAY_TEXT-1] = '\0';
G_SecurityLogPrintf( "Cmd_Say_f from -1 (server) has been truncated: %s\n", p );
}
Q_strncpyz( text, p, sizeof(text) );
Q_strstrip( text, "\n\r", " " );
//G_LogPrintf( "say: server: %s\n", text );
trap->SendServerCommand( -1, va("print \"server: %s\n\"", text ) );
}
