authorAndrey Nazarov <skuller@skuller.net>2009-09-05 12:03:15 +0000
committerAndrey Nazarov <skuller@skuller.net>2009-09-05 12:03:15 +0000
commitf1d3a7ffd40a0e6768b220cf76d05db3c57c3e89 (patch)
tree8da79de23fbd384110bd61ccb51968dc4807dee4 /source/q_shared.c
parenta212ea6fb40dab69a40f2ef5db0efe3ae9526301 (diff)
Fixed an off-by-one error in Info_Validate when checking the length of the whole string.
Made Info_Validate more strict, no longer allow non-printable or high bit characters.
Diffstat (limited to 'source/q_shared.c')
-rw-r--r--source/q_shared.c35
1 files changed, 21 insertions, 14 deletions
diff --git a/source/q_shared.c b/source/q_shared.c
index c349586..5019256 100644
--- a/source/q_shared.c
+++ b/source/q_shared.c
@@ -1116,30 +1116,35 @@ Also checks the length of keys/values and the whole string.
==================
*/
qboolean Info_Validate( const char *s ) {
- const char *start;
- int c, len;
+ size_t len, total;
+ int c;
- start = s;
+ total = 0;
while( 1 ) {
//
// validate key
//
if( *s == '\\' ) {
s++;
+ if( ++total == MAX_INFO_STRING ) {
+ return qfalse; // oversize infostring
+ }
}
if( !*s ) {
return qfalse; // missing key
}
len = 0;
while( *s != '\\' ) {
- c = *s & 127;
- if( c == '\\' || c == '\"' || c == ';' ) {
+ c = *s++;
+ if( !Q_isprint( c ) || c == '\"' || c == ';' ) {
return qfalse; // illegal characters
}
- if( len == MAX_INFO_KEY - 1 ) {
+ if( ++len == MAX_INFO_KEY ) {
return qfalse; // oversize key
}
- s++; len++;
+ if( ++total == MAX_INFO_STRING ) {
+ return qfalse; // oversize infostring
+ }
if( !*s ) {
return qfalse; // missing value
}
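Review bot: `c = *s++` in the key loop stores a plain `char` into an `int`, so where `char` is signed every high-bit byte reaches `Q_isprint` as a negative value. The definition of `Q_isprint` is not shown in this diff: if it is a plain range comparison the byte is rejected as intended, but if it forwards to `isprint()` or indexes a lookup table, a negative argument is undefined behaviour on exactly the input this check is meant to reject. Reading the byte as `c = (unsigned char)*s++;` makes the outcome independent of how the helper is written. The same line appears in the value loop of the second hunk. Info_Validate's body continues past the end of this hunk.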
@@ -1149,23 +1154,25 @@ qboolean Info_Validate( const char *s ) {
// validate value
//
s++;
+ if( ++total == MAX_INFO_STRING ) {
+ return qfalse; // oversize infostring
+ }
if( !*s ) {
return qfalse; // missing value
}
len = 0;
while( *s != '\\' ) {
- c = *s & 127;
- if( c == '\\' || c == '\"' || c == ';' ) {
+ c = *s++;
+ if( !Q_isprint( c ) || c == '\"' || c == ';' ) {
return qfalse; // illegal characters
}
- if( len == MAX_INFO_VALUE - 1 ) {
+ if( ++len == MAX_INFO_VALUE ) {
return qfalse; // oversize value
}
- s++; len++;
+ if( ++total == MAX_INFO_STRING ) {
+ return qfalse; // oversize infostring
+ }
if( !*s ) {
- if( s - start > MAX_INFO_STRING ) {
- return qfalse;
- }
return qtrue; // end of string
}
}
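Review bot: The `++total == MAX_INFO_STRING` guard is written out five times across the two hunks (here after the separator and inside the value loop), and it holds only because every increment of `total` is immediately followed by the test. Writing it as `if( ++total >= MAX_INFO_STRING ) {` would keep the bound intact if a later edit advances `s` without repeating the check. A comment at the first occurrence, such as `// total = bytes consumed so far; longest accepted string is MAX_INFO_STRING - 1`, would record that the limit is exclusive. That limit presumably exists so the string plus its terminator fits a MAX_INFO_STRING buffer, which should be confirmed against the callers. The function starts before this hunk and continues after it.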