Added clencode and cldecode to safe escape messages with clients

2005-10-17 14:36:12 +00:00
parent 6cf5ac3431
commit ce6f83241b
9 changed files with 273 additions and 158 deletions
--- a/mbtask/taskchat.c
+++ b/mbtask/taskchat.c
@@ -404,11 +404,11 @@ char *chat_connect(char *data)
    /*
     * Register with IBC
     */
-    pid = strtok(data, ",");        /* Should be 3  */
-    pid = strtok(NULL, ",");        /* The pid      */
-    realname = strtok(NULL, ",");   /* Username     */
-    nick = strtok(NULL, ",");       /* Mickname     */
-    sys = atoi(strtok(NULL, ";"));  /* Sysop flag   */
+    pid = strtok(data, ",");			    /* Should be 3  */
+    pid = strtok(NULL, ",");			    /* The pid      */
+    realname = xstrcpy(cldecode(strtok(NULL, ",")));/* Username     */
+    nick = xstrcpy(cldecode(strtok(NULL, ",")));    /* Nickname     */
+    sys = atoi(strtok(NULL, ";"));		    /* Sysop flag   */

    add_user(&users, CFG.myfqdn, nick, realname);
    send_all("USER %s@%s %s\r\n", nick, CFG.myfqdn, realname);
@@ -512,8 +512,7 @@ char *chat_put(char *data)
 	
    pid = strtok(data, ",");
    pid = strtok(NULL, ",");
-    msg = strtok(NULL, "\0");
-    msg[strlen(msg)-1] = '\0';
+    msg = xstrcpy(cldecode(strtok(NULL, ";")));

    for (tmpu = users; tmpu; tmpu = tmpu->next) {
 	if (tmpu->pid == atoi(pid)) {
@@ -689,14 +688,17 @@ char *chat_put(char *data)
    }
    Syslog('-', "Pid %s was not connected to chatserver");
    snprintf(buf, 200, "100:2,1,*** ERROR - Not connected to server;");
+    free(msg);
    return buf;

 ack:
    snprintf(buf, 200, "100:0;");
+    free(msg);
    return buf;

 hangup:
    snprintf(buf, 200, "100:2,1,Disconnecting;");
+    free(msg);
    return buf;
 }

@@ -737,7 +739,7 @@ char *chat_get(char *data)
 		    /*
 		     * Message is for us
 		     */
-		    snprintf(buf, 200, "100:2,0,%s;", chat_messages[tmpu->pointer].message);
+		    snprintf(buf, 200, "100:2,0,%s;", clencode(chat_messages[tmpu->pointer].message));
 		    Syslog('-', "%s", buf);
 		    return buf;
 		}
--- a/mbtask/taskcomm.c
+++ b/mbtask/taskcomm.c
@@ -58,19 +58,21 @@ int				cmd_run = FALSE;/* cmd running		*/
 int userlog(char *);
 int userlog(char *param)
 {
-	char		*prname, *prpid, *grade, *msg;
-	static char	lfn[PATH_MAX], token[14];
+    char	*prname, *prpid, *grade, *msg;
+    static char	lfn[PATH_MAX], token[14];
+    int		rc;

-	lfn[0] = '\0';
-	strcpy(token, strtok(param, ","));
-	strcpy(token, strtok(NULL, ","));
-	snprintf(lfn, PATH_MAX, "%s/log/%s", getenv("MBSE_ROOT"), token);
-	prname = strtok(NULL, ",");
-	prpid  = strtok(NULL, ",");
-	grade  = strtok(NULL, ",");
-	msg    = strtok(NULL, "\0");
-	msg[strlen(msg) -1] = '\0';
-	return ulog(lfn, grade, prname, prpid, msg);
+    lfn[0] = '\0';
+    strcpy(token, strtok(param, ","));
+    strcpy(token, strtok(NULL, ","));
+    snprintf(lfn, PATH_MAX, "%s/log/%s", getenv("MBSE_ROOT"), token);
+    prname = strtok(NULL, ",");
+    prpid  = strtok(NULL, ",");
+    grade  = strtok(NULL, ",");
+    msg    = xstrcpy(cldecode(strtok(NULL, ";")));
+    rc = ulog(lfn, grade, prname, prpid, msg);
+    free(msg);
+    return rc;
 }


@@ -519,7 +521,7 @@ char *exe_cmd(char *in)
    }

    /*
-     *  SCLO:1,message;
+     *  SCLO:0;
     *  100:0;
     */
    if (strncmp(cmd, "SCLO", 4) == 0) {
--- a/mbtask/taskinfo.c
+++ b/mbtask/taskinfo.c
@@ -58,7 +58,7 @@ char *get_sysinfo(void)
 	startdate = SYSINFO.StartDate;
 	snprintf(buf, SS_BUFSIZE, "100:7,%d,%d,%d,%d,%d,%s,%s;", SYSINFO.SystemCalls,
 			SYSINFO.Pots, SYSINFO.ISDN, SYSINFO.Network, SYSINFO.Local,
-			ctime(&startdate), SYSINFO.LastCaller);
+			ctime(&startdate), clencode(SYSINFO.LastCaller));
    }

    fclose(fp);
@@ -94,49 +94,53 @@ char *get_lastcallercount(void)

 char *get_lastcallerrec(int Rec)
 {
-	static char		buf[SS_BUFSIZE];
-	char                    *temp, action[9];
-	FILE                    *fp;
+    static char	buf[SS_BUFSIZE];
+    char        *temp, action[9], *name, *city;
+    FILE        *fp;

-	snprintf(buf, SS_BUFSIZE, "201:1,16;");
-	temp = calloc(PATH_MAX, sizeof(char));
-	snprintf(temp, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT"));
-	if ((fp = fopen(temp, "r")) == NULL) {
-		free(temp);
-		return buf;
-	}
-	fread(&LCALLhdr, sizeof(LCALLhdr), 1, fp);
-	fseek(fp, ((Rec -1) * LCALLhdr.recsize) + LCALLhdr.hdrsize, SEEK_SET);
+    snprintf(buf, SS_BUFSIZE, "201:1,16;");
+    temp = calloc(PATH_MAX, sizeof(char));
+    snprintf(temp, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT"));
+    if ((fp = fopen(temp, "r")) == NULL) {
+	free(temp);
+	return buf;
+    }
+    fread(&LCALLhdr, sizeof(LCALLhdr), 1, fp);
+    fseek(fp, ((Rec -1) * LCALLhdr.recsize) + LCALLhdr.hdrsize, SEEK_SET);

-	if (fread(&LCALL, LCALLhdr.recsize, 1, fp) == 1) {
-		LCALL.UserName[15] = '\0';
-		LCALL.Location[12] = '\0';
-		strcpy(action, "--------");
-		if (LCALL.Hidden)
-			action[0] = 'H';
-		if (LCALL.Download)
-			action[1] = 'D';
-		if (LCALL.Upload)
-			action[2] = 'U';
-		if (LCALL.Read)
-			action[3] = 'R';
-		if (LCALL.Wrote)
-			action[4] = 'P';
-		if (LCALL.Chat)
-			action[5] = 'C';
-		if (LCALL.Olr)
-			action[6] = 'O';
-		if (LCALL.Door)
-			action[7] = 'E';
-		action[8] = '\0';
-		snprintf(buf, SS_BUFSIZE, "100:9,%s,%s,%d,%s,%s,%d,%d,%s,%s;", LCALL.UserName, LCALL.Location,
+    if (fread(&LCALL, LCALLhdr.recsize, 1, fp) == 1) {
+	LCALL.UserName[15] = '\0';
+	LCALL.Location[12] = '\0';
+	strcpy(action, "--------");
+	if (LCALL.Hidden)
+	    action[0] = 'H';
+	if (LCALL.Download)
+	    action[1] = 'D';
+	if (LCALL.Upload)
+	    action[2] = 'U';
+	if (LCALL.Read)
+	    action[3] = 'R';
+	if (LCALL.Wrote)
+	    action[4] = 'P';
+	if (LCALL.Chat)
+	    action[5] = 'C';
+	if (LCALL.Olr)
+	    action[6] = 'O';
+	if (LCALL.Door)
+	    action[7] = 'E';
+	action[8] = '\0';
+	name = xstrcpy(clencode(LCALL.UserName));
+	city = xstrcpy(clencode(LCALL.Location));
+	snprintf(buf, SS_BUFSIZE, "100:9,%s,%s,%d,%s,%s,%d,%d,%s,%s;", name, city,
 			LCALL.SecLevel, LCALL.Device, LCALL.TimeOn, 
 			(int)LCALL.CallTime, LCALL.Calls, LCALL.Speed, action);
-	}
+	free(name);
+	free(city);
+    }

-	free(temp);
-	fclose(fp);
-	return buf;
+    free(temp);
+    fclose(fp);
+    return buf;
 }


--- a/mbtask/taskregs.c
+++ b/mbtask/taskregs.c
@@ -76,15 +76,18 @@ int reg_newcon(char *data)
    cnt = strtok(data, ",");
    pid = strtok(NULL, ",");
    tty = strtok(NULL, ",");
-    uid = strtok(NULL, ",");
-    prg = strtok(NULL, ",");
-    city = strtok(NULL, ";");
+    uid = xstrcpy(cldecode(strtok(NULL, ",")));
+    prg = xstrcpy(cldecode(strtok(NULL, ",")));
+    city = xstrcpy(cldecode(strtok(NULL, ";")));

    /*
     * Abort if no empty record is found 
     */
    if ((retval = reg_find((char *)"0")) == -1) {
 	Syslog('?', "Maximum clients (%d) reached", MAXCLIENT);
+	free(uid);
+	free(prg);
+	free(city);
 	return -1;
    }

@@ -110,6 +113,9 @@ int reg_newcon(char *data)
 	mailers++;
    Syslog('-', "Registered client pgm \"%s\", pid %s, slot %d, mailers %d, TCP/IP %d", 
 		prg, pid, retval, mailers, ipmailers);
+    free(uid);
+    free(prg);
+    free(city);
    return retval;
 }

@@ -201,13 +207,16 @@ int reg_doing(char *data)

    cnt = strtok(data, ",");
    pid = strtok(NULL, ",");
-    line = strtok(NULL, ";");
+    line = xstrcpy(cldecode(strtok(NULL, ";")));

-    if ((rec = reg_find(pid)) == -1)
+    if ((rec = reg_find(pid)) == -1) {
+	free(line);
 	return -1;
+    }

    strncpy(reginfo[rec].doing, line, 35);
    reginfo[rec].lastcon = (int)time(NULL);
+    free(line);
    return 0;
 }

@@ -343,15 +352,20 @@ int reg_user(char *data)

    cnt  = strtok(data, ",");
    pid  = strtok(NULL, ",");
-    user = strtok(NULL, ",");
-    city = strtok(NULL, ";");
+    user = xstrcpy(cldecode(strtok(NULL, ",")));
+    city = xstrcpy(cldecode(strtok(NULL, ";")));

-    if ((rec = reg_find(pid)) == -1)
+    if ((rec = reg_find(pid)) == -1) {
+	free(user);
+	free(city);
 	return -1;
+    }

    strncpy((char *)&reginfo[rec].uname, user, 35);
    strncpy((char *)&reginfo[rec].city,  city, 35);
    reginfo[rec].lastcon = (int)time(NULL);
+    free(user);
+    free(city);
    return 0;
 }

@@ -384,7 +398,7 @@ int reg_sysop(char *data)
 */
 char *reg_ipm(char *data)
 {
-    char	*cnt, *pid;
+    char	*cnt, *pid, *name, *msg;
    static char	buf[128];
    int		rec;

@@ -401,7 +415,9 @@ char *reg_ipm(char *data)
 	return buf;

    buf[0] = '\0';
-    snprintf(buf, 128, "100:2,%s,%s;", reginfo[rec].fname[reginfo[rec].ptr_out], reginfo[rec].msg[reginfo[rec].ptr_out]);
+    name = xstrcpy(clencode(reginfo[rec].fname[reginfo[rec].ptr_out]));
+    msg  = xstrcpy(clencode(reginfo[rec].msg[reginfo[rec].ptr_out]));
+    snprintf(buf, 128, "100:2,%s,%s;", name, msg);
    if (reginfo[rec].ptr_out < RB)
 	reginfo[rec].ptr_out++;
    else
@@ -411,6 +427,8 @@ char *reg_ipm(char *data)
    
    Syslog('+', "reg_ipm: in=%d out=%d ismsg=%d", reginfo[rec].ptr_in, reginfo[rec].ptr_out, reginfo[rec].ismsg);

+    free(name);
+    free(msg);
    return buf;
 }

@@ -425,10 +443,9 @@ int reg_spm(char *data)
    int	    i;

    cnt  = strtok(data, ",");
-    from = strtok(NULL, ",");
-    too  = strtok(NULL, ",");
-    txt  = strtok(NULL, "\0");
-    txt[strlen(txt)-1] = '\0';
+    from = xstrcpy(cldecode(strtok(NULL, ",")));
+    too  = xstrcpy(cldecode(strtok(NULL, ",")));
+    txt  = xstrcpy(cldecode(strtok(NULL, ";")));

    Syslog('-', "SIPM:%s,%s,%s,%s;", cnt, from, too, txt);

@@ -440,6 +457,9 @@ int reg_spm(char *data)
 	     *  can't get anymore new messages.
 	     */
 	    if (reginfo[i].ismsg && (reginfo[i].ptr_in == reginfo[i].ptr_out)) {
+		free(from);
+		free(too);
+		free(txt);
 		return 2;
 	    }

@@ -447,6 +467,9 @@ int reg_spm(char *data)
 	     *  If user has the "do not distrurb" flag set, but the sysop ignore's this.
 	     */
 	    if (reginfo[i].silent) {
+		free(from);
+		free(too);
+		free(txt);
 		return 1;
 	    }

@@ -469,10 +492,16 @@ int reg_spm(char *data)
 	    }

 	    Syslog('+', "reg_spm: rec=%d in=%d out=%d ismsg=%d", i, reginfo[i].ptr_in, reginfo[i].ptr_out, reginfo[i].ismsg);
+	    free(from);
+	    free(too);
+	    free(txt);
 	    return 0;
 	}
    }
    
+    free(from);
+    free(too);
+    free(txt);
    return 3;   // Error, user not found
 }

@@ -523,6 +552,7 @@ char *reg_fre(void)
 char *get_reginfo(int first)
 {
    static char	buf[256];
+    char	*name, *prg, *city, *doing;

    memset(&buf, 0, sizeof(buf));
    snprintf(buf, 256, "100:0;");
@@ -542,11 +572,17 @@ char *get_reginfo(int first)
 	    return buf;

 	if ((int)reginfo[entrypos].pid != 0) {
+	    name  = xstrcpy(clencode(reginfo[entrypos].uname));
+	    prg   = xstrcpy(clencode(reginfo[entrypos].prg));
+	    city  = xstrcpy(clencode(reginfo[entrypos].city));
+	    doing = xstrcpy(clencode( reginfo[entrypos].doing));
 	    snprintf(buf, 256, "100:7,%d,%s,%s,%s,%s,%s,%d;", 
 				reginfo[entrypos].pid, reginfo[entrypos].tty,
-				reginfo[entrypos].uname, reginfo[entrypos].prg,
-				reginfo[entrypos].city, reginfo[entrypos].doing,
-				reginfo[entrypos].started);
+				name, prg, city, doing, reginfo[entrypos].started);
+	    free(name);
+	    free(prg);
+	    free(city);
+	    free(doing);
 	    return buf;
 	}
    }
@@ -565,25 +601,30 @@ int reg_page(char *data)
 	        
    cnt    = strtok(data, ",");
    pid    = strtok(NULL, ",");
-    reason = strtok(NULL, "\0");
-    reason[strlen(reason)-1] = '\0';
+    reason = xstrcpy(cldecode(strtok(NULL, ";")));

    Syslog('+', "reg_page: pid=%d, reason=\"%s\"", pid, reason);

-    if (!sysop_present)
+    if (!sysop_present) {
+	free(reason);
 	return 2;
+    }

    /*
     * Check if another user is paging the sysop or has paged the sysop.
     * If so, mark sysop busy.
     */
    for (i = 1; i < MAXCLIENT; i++) {
-	if (reginfo[i].pid && (reginfo[i].pid != atoi(pid)) && (reginfo[i].paging || reginfo[i].haspaged))
+	if (reginfo[i].pid && (reginfo[i].pid != atoi(pid)) && (reginfo[i].paging || reginfo[i].haspaged)) {
+	    free(reason);
 	    return 1;
+	}
    }

-    if ((rec = reg_find(pid)) == -1)
+    if ((rec = reg_find(pid)) == -1) {
+	free(reason);
 	return 3;
+    }

    /*
     * All seems well, accept the page
@@ -633,11 +674,11 @@ char *reg_checkpage(char *data)
    memset(&buf, 0, sizeof(buf));
    for (i = 1; i < MAXCLIENT; i++) {
 	if (reginfo[i].pid && reginfo[i].paging) {
-	    snprintf(buf, 128, "100:3,%d,1,%s;", reginfo[i].pid, reginfo[i].reason);
+	    snprintf(buf, 128, "100:3,%d,1,%s;", reginfo[i].pid, clencode(reginfo[i].reason));
 	    return buf;
 	}
 	if (reginfo[i].pid && reginfo[i].haspaged) {
-	    snprintf(buf, 128, "100:3,%d,0,%s;", reginfo[i].pid, reginfo[i].reason);
+	    snprintf(buf, 128, "100:3,%d,0,%s;", reginfo[i].pid, clencode(reginfo[i].reason));
 	    return buf;
 	}
    }
--- a/mbtask/taskutil.c
+++ b/mbtask/taskutil.c
@@ -625,3 +625,68 @@ char *printable(char *s, int l)
    return pbuff;
 }

+
+
+char *clencode(char *s)
+{
+    char        Base16Code[]="0123456789ABCDEF";
+    static char *buf;
+    char        *p, *q;
+
+    if (buf)
+	free(buf);
+    buf = NULL;
+    if (s == NULL)
+	return NULL;
+			                                    
+    if ((buf = malloc(2 * strlen(s) + 1 * sizeof(char))) == NULL) {
+	Syslog('+', "clencode: out of memory:string too long:\"%s\"", s);
+	return s;
+    }
+    for (p = s, q = buf; *p != '\0';) {
+	if ((! isascii(*p)) || (*p == ',') || (*p == ';')) {
+	    *q++ = '\\';
+	    *q++ = Base16Code[(*p >> 4) & 0x0f];
+	    *q++ = Base16Code[*p & 0x0f];
+	    p++;
+	} else if (*p == '\\') {
+	    *q++ = '\\';
+	    *q++ = *p++;
+	} else {
+	    *q++ = *p++;
+	}
+    }
+    *q = '\0';
+    return buf;
+}
+
+
+
+char *cldecode(char *s)
+{
+    char    *p, *q;
+    int     i;
+
+    if (s == NULL) {
+	return NULL;
+    }
+
+    for (p = s, q = s; *p; p++) {
+	if (*p == '\\') {
+	    if (*(p + 1) == '\\') {
+		*q++ = *p++;
+	    } else {
+		sscanf(p + 1, "%02x", &i);
+		*q++ = i;
+		p += 2;
+	    }
+	} else {
+	    *q++ = *p;
+	}
+    }
+
+    *q = '\0';
+    return s;
+}
+
+