From: divverent Date: Wed, 25 Apr 2007 08:38:40 +0000 (+0000) Subject: prevent abuse by ending netname with a ^: if the name is not a valid colored string... X-Git-Tag: xonotic-v0.1.0preview~3248 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=95309c266f9406fb010e30aa1383efe84082270c;p=xonotic%2Fdarkplaces.git prevent abuse by ending netname with a ^: if the name is not a valid colored string, add a ^ if possible, and if there is no space for it, remove the trailing ^ git-svn-id: svn://svn.icculus.org/twilight/trunk/darkplaces@7190 d7cf8633-e32d-0410-b094-e92efae38249 --- diff --git a/host_cmd.c b/host_cmd.c index 07c92aa2..de921fdf 100644 --- a/host_cmd.c +++ b/host_cmd.c @@ -737,6 +737,7 @@ cvar_t cl_name = {CVAR_SAVE | CVAR_NQUSERINFOHACK, "_cl_name", "player", "intern void Host_Name_f (void) { int i, j; + qboolean valid_colors; char newName[sizeof(host_client->name)]; if (Cmd_Argc () == 1) @@ -771,6 +772,27 @@ void Host_Name_f (void) // point the string back at updateclient->name to keep it safe strlcpy (host_client->name, newName, sizeof (host_client->name)); + + COM_StringLengthNoColors(host_client->name, &valid_colors); + if(!valid_colors) // NOTE: this also proves the string is not empty, as "" is a valid colored string + { + size_t l; + l = strlen(host_client->name); + if(l < sizeof(host_client->name) - 1) + { + // duplicate the color tag to escape it + host_client->name[i] = STRING_COLOR_TAG; + host_client->name[i+1] = 0; + //Con_DPrintf("abuse detected, adding another trailing color tag\n"); + } + else + { + // remove the last character to fix the color code + host_client->name[l-1] = 0; + //Con_DPrintf("abuse detected, removing a trailing color tag\n"); + } + } + host_client->edict->fields.server->netname = PRVM_SetEngineString(host_client->name); if (strcmp(host_client->old_name, host_client->name)) {