From 123370f2eef5750b1dcb95dc9d193ae0fb0f4ef4 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 15 Jan 2024 22:34:27 +0100 Subject: [PATCH] Sanitize lang_code and full_version received from client fixes #14262 --- src/clientiface.cpp | 26 ++++++++++++++++++++++---- src/clientiface.h | 12 +++--------- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/src/clientiface.cpp b/src/clientiface.cpp index e609c98f6..c4870bc65 100644 --- a/src/clientiface.cpp +++ b/src/clientiface.cpp @@ -33,6 +33,18 @@ with this program; if not, write to the Free Software Foundation, Inc., #include "util/srp.h" #include "face_position_cache.h" +static std::string string_sanitize_ascii(const std::string &s, u32 max_length) +{ + std::string out; + for (char c : s) { + if (out.size() >= max_length) + break; + if (c > 32 && c < 127) + out.push_back(c); + } + return out; +} + const char *ClientInterface::statenames[] = { "Invalid", "Disconnecting", @@ -46,8 +58,6 @@ const char *ClientInterface::statenames[] = { "SudoMode", }; - - std::string ClientInterface::state2Name(ClientState state) { return statenames[state]; @@ -633,9 +643,17 @@ void RemoteClient::resetChosenMech() chosen_mech = AUTH_MECHANISM_NONE; } -u64 RemoteClient::uptime() const +void RemoteClient::setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full) { - return porting::getTimeS() - m_connection_time; + m_version_major = major; + m_version_minor = minor; + m_version_patch = patch; + m_full_version = string_sanitize_ascii(full, 64); +} + +void RemoteClient::setLangCode(const std::string &code) +{ + m_lang_code = string_sanitize_ascii(code, 12); } ClientInterface::ClientInterface(const std::shared_ptr & con) diff --git a/src/clientiface.h b/src/clientiface.h index 261c09fce..3fe689e28 100644 --- a/src/clientiface.h +++ b/src/clientiface.h @@ -329,16 +329,10 @@ public: { serialization_version = m_pending_serialization_version; } /* get uptime */ - u64 uptime() const; + u64 uptime() const { return porting::getTimeS() - m_connection_time; } /* set version information */ - void setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full) - { - m_version_major = major; - m_version_minor = minor; - m_version_patch = patch; - m_full_version = full; - } + void setVersionInfo(u8 major, u8 minor, u8 patch, const std::string &full); /* read version information */ u8 getMajor() const { return m_version_major; } @@ -346,7 +340,7 @@ public: u8 getPatch() const { return m_version_patch; } const std::string &getFullVer() const { return m_full_version; } - void setLangCode(const std::string &code) { m_lang_code = code; } + void setLangCode(const std::string &code); const std::string &getLangCode() const { return m_lang_code; } void setCachedAddress(const Address &addr) { m_addr = addr; }