Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2003:
[Freeciv-Dev] (PR#2850) prevent 'load' command from killing the server
Home

[Freeciv-Dev] (PR#2850) prevent 'load' command from killing the server

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: undisclosed-recipients:;
Subject: [Freeciv-Dev] (PR#2850) prevent 'load' command from killing the server
From: "Mike Kaufman via RT" <rt@xxxxxxxxxxxxxx>
Date: Fri, 17 Jan 2003 19:09:05 -0800
Reply-to: rt@xxxxxxxxxxxxxx

here's a nice patch which will stop someone from killing the server by
loading a file that's not a savegame. It also adds readline support for
loading games.

It's not foolproof. there are some exits() in registry.c that I'm not
knowledgeable enough to remove, but you have to have badly formed savegame
rather than a non-savegame to trigger those.

-mike

diff -Nur -Xcvs/diff_ignore cvs/common/inputfile.c test-c/common/inputfile.c
--- cvs/common/inputfile.c      Wed Dec 18 12:36:13 2002
+++ test-c/common/inputfile.c   Fri Jan 17 20:17:56 2003
@@ -374,7 +374,9 @@
   while (*c != '\0' && my_isspace(*c)) c++;
 
   if (*c != '\"') {
-    inf_die(inf, "Did not find opening doublequote for '*include' line");
+    inf_log(inf, LOG_ERROR, 
+            "Did not find opening doublequote for '*include' line");
+    return FALSE;
   }
   c++;
   inf->cur_line_pos = c - inf->cur_line.str;
@@ -382,7 +384,9 @@
   bare_name = c;
   while (*c != '\0' && *c != '\"') c++;
   if (*c != '\"') {
-    inf_die(inf, "Did not find closing doublequote for '*include' line");
+    inf_log(inf, LOG_ERROR, 
+            "Did not find closing doublequote for '*include' line");
+    return FALSE;
   }
   *c++ = '\0';
   inf->cur_line_pos = c - inf->cur_line.str;
@@ -390,14 +394,15 @@
   /* check rest of line is well-formed: */
   while (*c != '\0' && my_isspace(*c) && !is_comment(*c)) c++;
   if (!(*c=='\0' || is_comment(*c))) {
-    inf_die(inf, "Junk after filename for '*include' line");
+    inf_log(inf, LOG_ERROR, "Junk after filename for '*include' line");
+    return FALSE;
   }
   inf->cur_line_pos = inf->cur_line.n-1;
 
   full_name = inf->datafn(bare_name);
   if (!full_name) {
-    freelog(LOG_FATAL, "Could not find included file \"%s\"", bare_name);
-    inf_die(inf, NULL);
+    freelog(LOG_ERROR, "Could not find included file \"%s\"", bare_name);
+    return FALSE;
   }
 
   /* avoid recursion: (first filename may not have the same path,
@@ -406,8 +411,9 @@
     struct inputfile *inc = inf;
     do {
       if (inc->filename && strcmp(full_name, inc->filename)==0) {
-       freelog(LOG_FATAL, "Recursion trap on '*include' for \"%s\"", 
full_name);
-       inf_die(inf, NULL);
+        freelog(LOG_ERROR, 
+                "Recursion trap on '*include' for \"%s\"", full_name);
+        return FALSE;
       }
     } while((inc=inc->included_from));
   }
@@ -473,7 +479,8 @@
       if (inf->in_string) {
        /* Note: Don't allow multi-line strings to cross "include"
           boundaries */
-       inf_die(inf, "Multi-line string went to end-of-file");
+       inf_log(inf, LOG_ERROR, "Multi-line string went to end-of-file");
+        return FALSE;
       }
       if (inf->included_from) {
        /* Pop the include, and get next line from file above instead. */
@@ -532,8 +539,7 @@
   current line number etc.  Message can be NULL: then just logs
   information on where we are in the file.
 ***********************************************************************/
-static void inf_log(struct inputfile *inf, int loglevel,
-                   const char *message)
+void inf_log(struct inputfile *inf, int loglevel, const char *message)
 {
   assert_sanity(inf);
 
@@ -560,12 +566,9 @@
   }
 }
 
-void inf_die(struct inputfile *inf, const char *message)
-{
-  inf_log(inf, LOG_FATAL, message);
-  die(message);
-}
-
+/********************************************************************** 
+  ...
+***********************************************************************/
 static void inf_warn(struct inputfile *inf, const char *message)
 {
   inf_log(inf, LOG_NORMAL, message);
@@ -610,9 +613,9 @@
        freelog(LOG_DEBUG, "inputfile: did not find %s", name);
       }
     } else {
-      /* inf_die etc should be varargs... */
-      freelog(LOG_FATAL, "Did not find required token: %s", name);
-      inf_die(inf, NULL);
+      /* should be varargs... */
+      freelog(LOG_ERROR, "Did not find required token: %s", name);
+      return NULL;
     }
   }
   return c;
@@ -877,7 +880,9 @@
     
     if (!read_a_line(inf)) {
       /* shouldn't happen */
-      inf_die(inf, "Bad return for multi-line string from read_a_line");
+      inf_log(inf, LOG_ERROR, 
+              "Bad return for multi-line string from read_a_line");
+      return NULL;
     }
     c = start = inf->cur_line.str;
   }
diff -Nur -Xcvs/diff_ignore cvs/common/inputfile.h test-c/common/inputfile.h
--- cvs/common/inputfile.h      Wed Dec 18 12:36:13 2002
+++ test-c/common/inputfile.h   Fri Jan 17 20:16:00 2003
@@ -49,6 +49,6 @@
 const char *inf_token_required(struct inputfile *inf, enum inf_token_type 
type);
 int inf_discard_tokens(struct inputfile *inf, enum inf_token_type type);
 
-void inf_die(struct inputfile *inf, const char *message);
+void inf_log(struct inputfile *inf, int loglevel, const char *message);
 
 #endif  /* FC__INPUTFILE_H */
diff -Nur -Xcvs/diff_ignore cvs/common/registry.c test-c/common/registry.c
--- cvs/common/registry.c       Fri Dec  6 15:18:06 2002
+++ test-c/common/registry.c    Fri Jan 17 20:48:40 2003
@@ -404,7 +404,8 @@
     tok = inf_token(inf, INF_TOK_SECTION_NAME);
     if (tok) {
       if (table_state) {
-       inf_die(inf, "new section during table");
+       inf_log(inf, LOG_ERROR, "new section during table");
+        return FALSE;
       }
       /* Check if we already have a section with this name.
         (Could ignore this and have a duplicate sections internally,
@@ -431,11 +432,13 @@
       continue;
     }
     if (!psection) {
-      inf_die(inf, "data before first section");
+      inf_log(inf, LOG_ERROR, "data before first section");
+      return FALSE;
     }
     if (inf_token(inf, INF_TOK_TABLE_END)) {
       if (!table_state) {
-       inf_die(inf, "misplaced \"}\"");
+       inf_log(inf, LOG_ERROR, "misplaced \"}\"");
+        return FALSE;
       }
       (void) inf_token_required(inf, INF_TOK_EOL);
       table_state = FALSE;
@@ -446,7 +449,10 @@
       do {
        i++;
        inf_discard_tokens(inf, INF_TOK_EOL);   /* allow newlines */
-       tok = inf_token_required(inf, INF_TOK_VALUE);
+       if (!(tok = inf_token_required(inf, INF_TOK_VALUE))) {
+          return FALSE;
+        }
+
        if (i<columns_tab.n) {
          astr_minsize(&entry_name, base_name.n + 10 + columns[i].n);
          my_snprintf(entry_name.str, entry_name.n_alloc, "%s%d.%s",
@@ -469,7 +475,10 @@
       continue;
     }
     
-    tok = inf_token_required(inf, INF_TOK_ENTRY_NAME);
+    if (!(tok = inf_token_required(inf, INF_TOK_ENTRY_NAME))) {
+      return FALSE;
+    }
+
     /* need to store tok before next calls: */
     astr_minsize(&base_name, strlen(tok)+1);
     strcpy(base_name.str, tok);
@@ -481,9 +490,12 @@
       do {
        i++;
        inf_discard_tokens(inf, INF_TOK_EOL);   /* allow newlines */
-       tok = inf_token_required(inf, INF_TOK_VALUE);
+       if (!(tok = inf_token_required(inf, INF_TOK_VALUE))) {
+          return FALSE;
+        }
        if( tok[0] != '\"' ) {
-         inf_die(inf, "table column header non-string");
+         inf_log(inf, LOG_ERROR, "table column header non-string");
+          return FALSE;
        }
        {       /* expand columns_tab: */
          int j, n_prev;
@@ -509,7 +521,9 @@
     do {
       i++;
       inf_discard_tokens(inf, INF_TOK_EOL);    /* allow newlines */
-      tok = inf_token_required(inf, INF_TOK_VALUE);
+      if (!(tok = inf_token_required(inf, INF_TOK_VALUE))) {
+        return FALSE;
+      }
       if (i==0) {
        pentry = new_entry(sb, base_name.str, tok);
       } else {
diff -Nur -Xcvs/diff_ignore cvs/server/stdinhand.c test-c/server/stdinhand.c
--- cvs/server/stdinhand.c      Sun Dec 22 12:49:47 2002
+++ test-c/server/stdinhand.c   Fri Jan 17 21:01:22 2003
@@ -2970,7 +2970,7 @@
     return;
   }
 
-  /* attempt to load the file */
+  /* attempt to parse the file */
 
   if (!section_file_load_nodup(&file, arg)) {
     cmd_reply(CMD_LOAD, caller, C_FAIL, _("Couldn't load savefile: %s"), arg);
@@ -4095,6 +4095,7 @@
 Commands that may be followed by a filename
 **************************************************************************/
 static const int filename_cmd[] = {
+  CMD_LOAD,
   CMD_SAVE,
   CMD_READ_SCRIPT,
   CMD_WRITE_SCRIPT,

[Prev in Thread] Current Thread [Next in Thread]
  • [Freeciv-Dev] (PR#2850) prevent 'load' command from killing the server, Mike Kaufman via RT <=