From d41fd0ee43ff42defee9a7225046732220200ef9 Mon Sep 17 00:00:00 2001
From: Marko Lindqvist
Date: Tue, 12 Apr 2022 21:36:35 +0300
Subject: [PATCH 20/20] savegame: Turn unquote_block() asserts to sanity checks

They should be done even when asserts are disabled, as they are checking external data (savegame)
See osdn #44211

Signed-off-by: Marko Lindqvist
---
 server/savegame2.c | 26 +++++++++++++++++++++-----
 server/savegame3.c | 26 +++++++++++++++++++++-----
 2 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/server/savegame2.c b/server/savegame2.c
index a31103ad41..cca2d394f2 100644
--- a/server/savegame2.c
+++ b/server/savegame2.c
@@ -693,23 +693,39 @@ static int unquote_block(const char *const quoted_, void *dest,
 const char *quoted = quoted_;
 parsed = sscanf(quoted, "%d", &length);
- fc_assert_ret_val(1 == parsed, 0);
+
+ if (parsed != 1) {
+ log_error(_("Syntax error in attribute block."));
+ return 0;
+ }
 if (length > dest_length) {
 return 0;
 }
+
 quoted = strchr(quoted, ':');
- fc_assert_ret_val(quoted != NULL, 0);
+
+ if (quoted == NULL) {
+ log_error(_("Syntax error in attribute block."));
+ return 0;
+ }
+
 quoted++;
 for (i = 0; i < length; i++) {
 tmp = strtol(quoted, &endptr, 16);
- fc_assert_ret_val((endptr - quoted) == 2, 0);
- fc_assert_ret_val(*endptr == ' ', 0);
- fc_assert_ret_val((tmp & 0xff) == tmp, 0);
+
+ if ((endptr - quoted) != 2
+ || *endptr != ' '
+ || (tmp & 0xff) != tmp) {
+ log_error(_("Syntax error in attribute block."));
+ return 0;
+ }
+
 ((unsigned char *) dest)[i] = tmp;
 quoted += 3;
 }
+
 return length;
 }
diff --git a/server/savegame3.c b/server/savegame3.c
index 8fc3a4a8e3..caaac10f17 100644
--- a/server/savegame3.c
+++ b/server/savegame3.c
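Review bot: The bound check `if (length > dest_length) {` kept as context in this hunk still accepts a negative `length` parsed from the savegame: the loop is skipped and the negative value is returned as if it were a byte count. Since the point of the commit is to validate external data even without asserts, reject it together with the upper bound, `if (length < 0 || length > dest_length) {`, and log it like the other failure paths, which this branch does not do. The identical hunk in server/savegame3.c needs the same change. The declarations of `length` and `dest_length` lie outside the hunk, so their being signed `int` is inferred from the `%d` conversion and the `int` return type; what callers do with a negative result is not visible here.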
@@ -911,23 +911,39 @@ static int unquote_block(const char *const quoted_, void *dest,
 const char *quoted = quoted_;
 parsed = sscanf(quoted, "%d", &length);
- fc_assert_ret_val(1 == parsed, 0);
+
+ if (parsed != 1) {
+ log_error(_("Syntax error in attribute block."));
+ return 0;
+ }
 if (length > dest_length) {
 return 0;
 }
+
 quoted = strchr(quoted, ':');
- fc_assert_ret_val(quoted != NULL, 0);
+
+ if (quoted == NULL) {
+ log_error(_("Syntax error in attribute block."));
+ return 0;
+ }
+
 quoted++;
 for (i = 0; i < length; i++) {
 tmp = strtol(quoted, &endptr, 16);
- fc_assert_ret_val((endptr - quoted) == 2, 0);
- fc_assert_ret_val(*endptr == ' ', 0);
- fc_assert_ret_val((tmp & 0xff) == tmp, 0);
+
+ if ((endptr - quoted) != 2
+ || *endptr != ' '
+ || (tmp & 0xff) != tmp) {
+ log_error(_("Syntax error in attribute block."));
+ return 0;
+ }
+
 ((unsigned char *) dest)[i] = tmp;
 quoted += 3;
 }
+
 return length;
 }
-- 
2.35.1
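Review bot: The per-byte check `(endptr - quoted) != 2` measures how far `strtol()` advanced, not that both characters are hex digits; `strtol()` skips leading whitespace and accepts a sign, so a token such as ` f` or `+f` followed by a space passes and is stored as 0x0f. For a strict parser of savegame data, test the two characters before converting, e.g. `if (!isxdigit((unsigned char)quoted[0]) || !isxdigit((unsigned char)quoted[1])) {` with the same log-and-return body (this needs `<ctype.h>` if the file does not already include it). The same applies to the identical hunk in server/savegame2.c. The start of unquote_block() is outside the hunk.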