This is a fork of Zandronum used on servers hosted by The Sentinels Playground (TSPG).
| Revision | b9a1f917b4bf2a16a13609908d38c8c215e6d76d (tree) |
|---|---|
| Time | 2021-11-07 13:25:15 |
| Author | Adam Kaminski <kaminskiadam9@gmai...> |
| Commiter | Adam Kaminski |
Make sure we've read the entire byte stream of a CLC_SAY command before making any important checks. Also added a check so that clients can't maliciously send private messages to themselves.
src/sv_main.cpp (diff)| @@ -5715,6 +5715,12 @@ | ||
| 5715 | 5715 | |
| 5716 | 5716 | // [AK] If we're sending a private message to a player, get their index number. |
| 5717 | 5717 | if ( ulChatMode == CHATMODE_PRIVATE_SEND ) |
| 5718 | + ulReceiver = pByteStream->ReadByte(); | |
| 5719 | + | |
| 5720 | + // Read in the chat string. | |
| 5721 | + const char *pszChatString = pByteStream->ReadString(); | |
| 5722 | + | |
| 5723 | + if ( ulChatMode == CHATMODE_PRIVATE_SEND ) | |
| 5718 | 5724 | { |
| 5719 | 5725 | // [AK] Don't send the message if we disabled private messaging. |
| 5720 | 5726 | if ( zadmflags & ZADF_NO_PRIVATE_CHAT ) |
| @@ -5723,11 +5729,13 @@ | ||
| 5723 | 5729 | return ( false ); |
| 5724 | 5730 | } |
| 5725 | 5731 | |
| 5726 | - ulReceiver = pByteStream->ReadByte(); | |
| 5727 | - } | |
| 5728 | - | |
| 5729 | - // Read in the chat string. | |
| 5730 | - const char *pszChatString = pByteStream->ReadString(); | |
| 5732 | + // [AK] Don't let the client send a private message to themselves. | |
| 5733 | + if ( ulPlayer == ulReceiver ) | |
| 5734 | + { | |
| 5735 | + SERVER_PrintfPlayer( ulPlayer, "You can't send private messages to yourself.\n" ); | |
| 5736 | + return ( false ); | |
| 5737 | + } | |
| 5738 | + } | |
| 5731 | 5739 | |
| 5732 | 5740 | // [BB] If the client is flooding the server with commands, the client is |
| 5733 | 5741 | // kicked and we don't need to handle the command. |
akmdm
Fork