Add missing checks to texture caching

diff --git a/src/client.cpp b/src/client.cpp
index aca38b166e8c7655fb4d22b28ba0e906ce3541ab..38ed1497876bfe34c105fa327b602627a47fcce1 100644 (file)
--- a/src/client.cpp
+++ b/src/client.cpp
@@ -1276,6 +1276,13 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id)
                        //read texture from cache
                        std::string name = deSerializeString(is);
                        std::string sha1_texture = deSerializeString(is);
+                       
+                       // if name contains illegal characters, ignore the texture
+                       if(!string_allowed(name, TEXTURENAME_ALLOWED_CHARS)){
+                               errorstream<<"Client: ignoring illegal texture name "
+                                               <<"sent by server: \""<<name<<"\""<<std::endl;
+                               continue;
+                       }
 
                        std::string tpath = getTextureCacheDir() + DIR_DELIM + name;
                        // Read data
@@ -1371,8 +1378,6 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id)
                                for each texture {
                                        u16 length of name
                                        string name
-                                       u16 length of path
-                                       string path
                                }
                 */
                std::ostringstream os(std::ios_base::binary);
@@ -1439,6 +1444,14 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id)
                for(int i=0; i<num_textures; i++){
                        std::string name = deSerializeString(is);
                        std::string data = deSerializeLongString(is);
+
+                       // if name contains illegal characters, ignore the texture
+                       if(!string_allowed(name, TEXTURENAME_ALLOWED_CHARS)){
+                               errorstream<<"Client: ignoring illegal texture name "
+                                               <<"sent by server: \""<<name<<"\""<<std::endl;
+                               continue;
+                       }
+
                        // Silly irrlicht's const-incorrectness
                        Buffer<char> data_rw(data.c_str(), data.size());
                        // Create an irrlicht memory file

diff --git a/src/clientserver.h b/src/clientserver.h
index 3f97d37325492436db57d9bba575b55b9b2df26f..43de689e4af4f5f962ed2e0dd483feb401918af5 100644 (file)
--- a/src/clientserver.h
+++ b/src/clientserver.h
@@ -48,6 +48,8 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 #define PASSWORD_SIZE 28       // Maximum password length. Allows for
                                // base64-encoded SHA-1 (27+\0).
 
+#define TEXTURENAME_ALLOWED_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_."
+
 enum ToClientCommand
 {
        TOCLIENT_INIT = 0x10,

diff --git a/src/server.cpp b/src/server.cpp
index 8bf9eee3841eb71b98a53e92d756ab84c8961404..d1a71bdbc75f605a114911d63e98831f41ebe565 100644 (file)
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -4273,6 +4273,12 @@ void Server::PrepareTextures() {
                                if(dirlist[j].dir) // Ignode dirs
                                        continue;
                                std::string tname = dirlist[j].name;
+                               // if name contains illegal characters, ignore the texture
+                               if(!string_allowed(tname, TEXTURENAME_ALLOWED_CHARS)){
+                                       errorstream<<"Server: ignoring illegal texture name: \""
+                                                       <<tname<<"\""<<std::endl;
+                                       continue;
+                               }
                                std::string tpath = texturepath + DIR_DELIM + tname;
                                // Read data
                                std::ifstream fis(tpath.c_str(), std::ios_base::binary);
@@ -4300,6 +4306,11 @@ void Server::PrepareTextures() {
                                                        <<tname<<"\""<<std::endl;
                                        continue;
                                }
+                               if(tmp_os.str().length() == 0){
+                                       errorstream<<"Server::PrepareTextures(): Empty file \""
+                                                       <<tpath<<"\""<<std::endl;
+                                       continue;
+                               }
 
                                SHA1 sha1;
                                sha1.addBytes(tmp_os.str().c_str(), tmp_os.str().length());
@@ -4332,7 +4343,7 @@ struct SendableTextureAnnouncement
 void Server::SendTextureAnnouncement(u16 peer_id){
        DSTACK(__FUNCTION_NAME);
 
-       infostream<<"Server::SendTextureAnnouncement(): Calculate sha1 sums of textures and send to client"<<std::endl;
+       infostream<<"Server::SendTextureAnnouncement()"<<std::endl;
 
        core::list<SendableTextureAnnouncement> texture_announcements;
 
@@ -4407,6 +4418,11 @@ void Server::SendTexturesRequested(u16 peer_id,core::list<TextureRequest> tosend
        u32 texture_size_bunch_total = 0;
 
        for(core::list<TextureRequest>::Iterator i = tosend.begin(); i != tosend.end(); i++) {
+               if(m_Textures.find(i->name) == m_Textures.end()){
+                       errorstream<<"Server::SendTexturesRequested(): Client asked for "
+                                       <<"unknown texture \""<<(i->name)<<"\""<<std::endl;
+                       continue;
+               }
 
                //TODO get path + name
                std::string tpath = m_Textures[(*i).name].path;