From 3af5693d386414baaa508544e24c9f779efe9a88 Mon Sep 17 00:00:00 2001 From: AMS21 Date: Mon, 20 Nov 2023 12:11:24 +0100 Subject: [PATCH 1/2] xrCore: Sanitize `UserName` and `CompName` --- src/xrCore/xrCore.cpp | 47 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/src/xrCore/xrCore.cpp b/src/xrCore/xrCore.cpp index 42bdb0bf71f..632d72349df 100644 --- a/src/xrCore/xrCore.cpp +++ b/src/xrCore/xrCore.cpp @@ -65,6 +65,27 @@ const pcstr xrCore::buildDate = __DATE__; const pcstr xrCore::buildCommit = MACRO_TO_STRING(GIT_INFO_CURRENT_COMMIT); const pcstr xrCore::buildBranch = MACRO_TO_STRING(GIT_INFO_CURRENT_BRANCH); +void SanitizeString(pcstr str) +{ + pstr mut_str = const_cast(str); + + while(*mut_str != '\0') + { + switch (*mut_str) + { + case '\\': + case '/': + case ',': + case '.': + *mut_str = '_'; + [[fallthrough]]; + + default: + ++mut_str; + } + } +} + xrCore::xrCore() : ApplicationName{}, ApplicationPath{}, WorkingPath{}, @@ -221,21 +242,31 @@ void xrCore::Initialize(pcstr _ApplicationName, pcstr commandLine, LogCallback c #elif defined(XR_PLATFORM_LINUX) || defined(XR_PLATFORM_BSD) || defined(XR_PLATFORM_APPLE) uid_t uid = geteuid(); struct passwd *pw = getpwuid(uid); - if(pw) + if (pw) { - strcpy(UserName, pw->pw_gecos); - char* pos = strchr(UserName, ','); // pw_gecos return string - if(NULL != pos) - *pos = 0; - if(0 == UserName[0]) - strcpy(UserName, pw->pw_name); + strncpy(UserName, pw->pw_gecos, sizeof(UserName) - 1); + if(UserName[0] == '\0') + strncpy(UserName, pw->pw_name, sizeof(UserName) - 1); } + else + Msg("! Failed to get user name"); - gethostname(CompName, sizeof(CompName)); + if (gethostname(CompName, sizeof(CompName)) == 0) + CompName[sizeof(CompName) - 1] = '\0'; + else + Msg("! Failed to get computer name"); #else # error Select or add implementation for your platform #endif + SanitizeString(UserName); + SanitizeString(CompName); + +#ifdef DEBUG + Msg("UserName: %s", UserName); + Msg("ComputerName: %s", CompName); +#endif + Memory._initialize(); SDL_LogSetOutputFunction(SDLLogOutput, nullptr); From ca0c92541ccda0870ba0203f41e1c90ac2330f55 Mon Sep 17 00:00:00 2001 From: Sultan Uramaev Date: Sat, 6 Apr 2024 02:13:50 +0500 Subject: [PATCH 2/2] Apply suggestions from code review --- src/xrCore/xrCore.cpp | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/xrCore/xrCore.cpp b/src/xrCore/xrCore.cpp index 632d72349df..bfc56bdcb2b 100644 --- a/src/xrCore/xrCore.cpp +++ b/src/xrCore/xrCore.cpp @@ -69,19 +69,18 @@ void SanitizeString(pcstr str) { pstr mut_str = const_cast(str); - while(*mut_str != '\0') + while (*mut_str != '\0') { switch (*mut_str) { - case '\\': - case '/': - case ',': - case '.': - *mut_str = '_'; - [[fallthrough]]; - - default: - ++mut_str; + case '\\': + case '/': + case ',': + case '.': + *mut_str = '_'; + [[fallthrough]]; + default: + ++mut_str; } } } @@ -245,7 +244,7 @@ void xrCore::Initialize(pcstr _ApplicationName, pcstr commandLine, LogCallback c if (pw) { strncpy(UserName, pw->pw_gecos, sizeof(UserName) - 1); - if(UserName[0] == '\0') + if (UserName[0] == '\0') strncpy(UserName, pw->pw_name, sizeof(UserName) - 1); } else