From e368f3e9a6dc7448ec74bd5dd77497ce030fe1eb Mon Sep 17 00:00:00 2001 From: SanyaSho Date: Fri, 4 Nov 2022 01:03:52 +0000 Subject: [PATCH] game: fix string vulnerabilities --- game/client/message.cpp | 4 ++-- game/client/vgui_messagechars.cpp | 6 +++--- game/client/vgui_netgraphpanel.cpp | 24 ++++++++++++------------ game/client/vgui_textmessagepanel.cpp | 2 +- game/server/ai_speech.cpp | 6 +++--- game/server/util.cpp | 2 +- vgui2/dme_controls/dmedagrenderpanel.cpp | 2 +- 7 files changed, 23 insertions(+), 23 deletions(-) diff --git a/game/client/message.cpp b/game/client/message.cpp index fe341e71..22c99866 100644 --- a/game/client/message.cpp +++ b/game/client/message.cpp @@ -987,7 +987,7 @@ void CHudMessage::AddChar( int r, int g, int b, int a, wchar_t ch ) //----------------------------------------------------------------------------- void CHudMessage::GetTextExtents( int *wide, int *tall, const char *string ) { - *wide = g_pMatSystemSurface->DrawTextLen( m_hFont, (char *)string ); + *wide = g_pMatSystemSurface->DrawTextLen( m_hFont, "%s", (char *)string ); *tall = vgui::surface()->GetFontTall( m_hFont ); } @@ -1067,4 +1067,4 @@ void CHudMessage::PaintCharacters() void CHudMessage::GetLength( int *wide, int *tall, const char *string ) { GetTextExtents( wide, tall, string ); -} \ No newline at end of file +} diff --git a/game/client/vgui_messagechars.cpp b/game/client/vgui_messagechars.cpp index 1d1410f1..86876295 100644 --- a/game/client/vgui_messagechars.cpp +++ b/game/client/vgui_messagechars.cpp @@ -252,7 +252,7 @@ int CMessageCharsPanel::AddText( msg->hCustomFont = m_hFont; // Return new cursor position - return x + g_pMatSystemSurface->DrawTextLen( msg->hCustomFont, data ); + return x + g_pMatSystemSurface->DrawTextLen( msg->hCustomFont, "%s", data ); } //----------------------------------------------------------------------------- @@ -272,7 +272,7 @@ void CMessageCharsPanel::GetTextExtents( vgui::HFont hCustomFont, int *wide, int Assert( hCustomFont ); - *wide = g_pMatSystemSurface->DrawTextLen( hCustomFont, (char *)string ); + *wide = g_pMatSystemSurface->DrawTextLen( hCustomFont, "%s", (char *)string ); *tall = vgui::surface()->GetFontTall( hCustomFont ); } @@ -310,7 +310,7 @@ void CMessageCharsPanel::Paint() CMessageCharsPanel::message_t *msg = m_pActive; while ( msg ) { - g_pMatSystemSurface->DrawColoredText( msg->hCustomFont, msg->x, msg->y, msg->r, msg->g, msg->b, msg->a, msg->text ); + g_pMatSystemSurface->DrawColoredText( msg->hCustomFont, msg->x, msg->y, msg->r, msg->g, msg->b, msg->a, "%s", msg->text ); msg = msg->next; } diff --git a/game/client/vgui_netgraphpanel.cpp b/game/client/vgui_netgraphpanel.cpp index b847a89d..f87d50b3 100644 --- a/game/client/vgui_netgraphpanel.cpp +++ b/game/client/vgui_netgraphpanel.cpp @@ -733,8 +733,8 @@ void CNetGraphPanel::DrawTextFields( int graphvalue, int x, int y, int w, netban int textTall = surface()->GetFontTall( font ); Q_snprintf( sz, sizeof( sz ), "fps:%4i ping: %i ms", (int)(1.0f / m_Framerate), (int)(m_AvgLatency*1000.0f) ); - - g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, sz ); + + g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, "%s", sz ); // Draw update rate DrawUpdateRate( x + w, y ); @@ -752,12 +752,12 @@ void CNetGraphPanel::DrawTextFields( int graphvalue, int x, int y, int w, netban } int totalsize = graph[ ( m_IncomingSequence & ( TIMINGS - 1 ) ) ].msgbytes[INetChannelInfo::TOTAL]; - + Q_snprintf( sz, sizeof( sz ), "in :%4i %2.2f k/s ", totalsize, m_IncomingData ); int textWidth = g_pMatSystemSurface->DrawTextLen( font, "%s", sz ); - g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, "%s", sz ); Q_snprintf( sz, sizeof( sz ), "lerp: %5.1f ms", GetClientInterpAmount() * 1000.0f ); @@ -781,23 +781,23 @@ void CNetGraphPanel::DrawTextFields( int graphvalue, int x, int y, int w, netban } } - g_pMatSystemSurface->DrawColoredText( font, x + textWidth, y, interpcolor[ 0 ], interpcolor[ 1 ], interpcolor[ 2 ], 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x + textWidth, y, interpcolor[ 0 ], interpcolor[ 1 ], interpcolor[ 2 ], 255, "%s", sz ); Q_snprintf( sz, sizeof( sz ), "%3.1f/s", m_AvgPacketIn ); textWidth = g_pMatSystemSurface->DrawTextLen( font, "%s", sz ); - g_pMatSystemSurface->DrawColoredText( font, x + w - textWidth - 1, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x + w - textWidth - 1, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, "%s", sz ); y += textTall; Q_snprintf( sz, sizeof( sz ), "out:%4i %2.2f k/s", out, m_OutgoingData ); - g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, "%s", sz ); Q_snprintf( sz, sizeof( sz ), "%3.1f/s", m_AvgPacketOut ); textWidth = g_pMatSystemSurface->DrawTextLen( font, "%s", sz ); - g_pMatSystemSurface->DrawColoredText( font, x + w - textWidth - 1, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x + w - textWidth - 1, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, "%s", sz ); y += textTall; @@ -809,7 +809,7 @@ void CNetGraphPanel::DrawTextFields( int graphvalue, int x, int y, int w, netban textWidth = g_pMatSystemSurface->DrawTextLen( font, "%s", sz ); - g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x, y, GRAPH_RED, GRAPH_GREEN, GRAPH_BLUE, 255, "%s", sz ); y += textTall; @@ -832,7 +832,7 @@ void CNetGraphPanel::DrawTextFields( int graphvalue, int x, int y, int w, netban servercolor[ 2 ] = 0; } - g_pMatSystemSurface->DrawColoredText( font, x, y, servercolor[ 0 ], servercolor[ 1 ], servercolor[ 2 ], 255, sz ); + g_pMatSystemSurface->DrawColoredText( font, x, y, servercolor[ 0 ], servercolor[ 1 ], servercolor[ 2 ], 255, "%s", sz ); y += textTall; } @@ -1119,14 +1119,14 @@ void CNetGraphPanel::DrawLargePacketSizes( int x, int w, int graphtype, float wa char sz[ 32 ]; Q_snprintf( sz, sizeof( sz ), "%i", nTotalBytes ); - int len = g_pMatSystemSurface->DrawTextLen( m_hFont, sz ); + int len = g_pMatSystemSurface->DrawTextLen( m_hFont, "%s", sz ); int textx, texty; textx = rcFill.x - len / 2; texty = MAX( 0, rcFill.y - 11 ); - g_pMatSystemSurface->DrawColoredText( m_hFont, textx, texty, 255, 255, 255, 255, sz ); + g_pMatSystemSurface->DrawColoredText( m_hFont, textx, texty, 255, 255, 255, 255, "%s", sz ); } } } diff --git a/game/client/vgui_textmessagepanel.cpp b/game/client/vgui_textmessagepanel.cpp index 5e4b1232..91771203 100644 --- a/game/client/vgui_textmessagepanel.cpp +++ b/game/client/vgui_textmessagepanel.cpp @@ -238,7 +238,7 @@ void CTextMessagePanel::AddChar( int r, int g, int b, int a, wchar_t ch ) //----------------------------------------------------------------------------- void CTextMessagePanel::GetTextExtents( int *wide, int *tall, const char *string ) { - *wide = g_pMatSystemSurface->DrawTextLen( m_hFont, (char *)string ); + *wide = g_pMatSystemSurface->DrawTextLen( m_hFont, "%s", (char *)string ); *tall = vgui::surface()->GetFontTall( m_hFont ); } diff --git a/game/server/ai_speech.cpp b/game/server/ai_speech.cpp index d98fe7b8..f325c945 100644 --- a/game/server/ai_speech.cpp +++ b/game/server/ai_speech.cpp @@ -885,13 +885,13 @@ void CAI_Expresser::SpeechMsg( CBaseEntity *pFlex, const char *pszFormat, ... ) if ( pFlex->MyNPCPointer() ) { - DevMsg( pFlex->MyNPCPointer(), string ); + DevMsg( pFlex->MyNPCPointer(), "%s", string ); } else { DevMsg( "%s", string ); } - UTIL_LogPrintf( string ); + UTIL_LogPrintf( "%s", string ); } @@ -1042,4 +1042,4 @@ void CMultiplayer_Expresser::AllowMultipleScenes() void CMultiplayer_Expresser::DisallowMultipleScenes() { m_bAllowMultipleScenes = false; -} \ No newline at end of file +} diff --git a/game/server/util.cpp b/game/server/util.cpp index 974ddf8d..1c9d322f 100644 --- a/game/server/util.cpp +++ b/game/server/util.cpp @@ -59,7 +59,7 @@ void DBG_AssertFunction( bool fExpr, const char *szExpr, const char *szFile, int Q_snprintf(szOut,sizeof(szOut), "ASSERT FAILED:\n %s \n(%s@%d)\n%s", szExpr, szFile, szLine, szMessage); else Q_snprintf(szOut,sizeof(szOut), "ASSERT FAILED:\n %s \n(%s@%d)\n", szExpr, szFile, szLine); - Warning( szOut); + Warning( "%s", szOut ); } #endif // DEBUG diff --git a/vgui2/dme_controls/dmedagrenderpanel.cpp b/vgui2/dme_controls/dmedagrenderpanel.cpp index 4d6e1381..849464db 100644 --- a/vgui2/dme_controls/dmedagrenderpanel.cpp +++ b/vgui2/dme_controls/dmedagrenderpanel.cpp @@ -263,7 +263,7 @@ void CDmeDagRenderPanel::DrawJointNames( CDmeDag *pRoot, CDmeDag *pDag, const ma { Q_snprintf( pJointName, sizeof(pJointName), "%s", pJoint->GetName() ); } - g_pMatSystemSurface->DrawColoredText( m_hFont, vecPanelPos.x + 5, vecPanelPos.y, 255, 255, 255, 255, pJointName ); + g_pMatSystemSurface->DrawColoredText( m_hFont, vecPanelPos.x + 5, vecPanelPos.y, 255, 255, 255, 255, "%s", pJointName ); } int nCount = pDag->GetChildCount();