Re: [Freeciv-Dev] (PR#40299) fix buffer overflow in send_chat_printf

[Marko Lindqvist]

URL: http://bugs.freeciv.org/Ticket/Display.html?id=40299 

2008/6/22 Jason Dorje Short:
 Also with utf-8 truncating things like this is not at all safe.  This
 can send incorrect utf-8 to the server which when sent back to the
 client becomes very hard to handle.  GTK will crash (yes, crash) if
 given invalid utf-8; it's supposed to be checked before it's passed in
 but I'm not sure if we do that.  If it is checked the best thing the
 client could do is discard the invalid utf-8 string.

 Actually, that truncation is not needed with any correctly working
implementation of vsnprintf(). Ending zero should be there already,
and hopefully in right place UTF-8 wise.

 But does it makes sense to send such truncated command at all. At
worst case we execute wrong variant of the command that has different
versions taking different number of parameters. At best case we are
just abbreviating something so that server still understands it.


 - ML



___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

Re: [Freeciv-Dev] (PR#40299) fix buffer overflow in send_chat_printf

[Jason Dorje Short]

URL: http://bugs.freeciv.org/Ticket/Display.html?id=40299 

Marko Lindqvist wrote:
 URL: http://bugs.freeciv.org/Ticket/Display.html?id=40299 
 
 2008/6/22 Jason Dorje Short:
 Also with utf-8 truncating things like this is not at all safe.  This
 can send incorrect utf-8 to the server which when sent back to the
 client becomes very hard to handle.  GTK will crash (yes, crash) if
 given invalid utf-8; it's supposed to be checked before it's passed in
 but I'm not sure if we do that.  If it is checked the best thing the
 client could do is discard the invalid utf-8 string.
 
  Actually, that truncation is not needed with any correctly working
 implementation of vsnprintf(). Ending zero should be there already,
 and hopefully in right place UTF-8 wise.

Yes, most (all?) implementations of snprintf should truncate.  But it 
will NOT be in the right place utf-8 wise; snprintf knows nothing about 
characters, only bytes.  If truncation happens it'll be on the 50th byte 
regardless of how many characters fit in there or if it gets truncated 
mid-character.

  But does it makes sense to send such truncated command at all. At
 worst case we execute wrong variant of the command that has different
 versions taking different number of parameters. At best case we are
 just abbreviating something so that server still understands it.

Possibly aborting and giving the user an error message is better, yes.

For *commands* truncation shouldn't be much issue anyway as utf-8 should 
generally not be used (possible exceptions being with player names or 
such).  For chat lines utf-8 would be the standard.  Chat lines are also 
limited (by packet length if nothing else) and thus some form of 
truncation or filtering (discarding too-long lines) is needed.  This may 
be done at the client end (limiting lines to 100 letters for instance, 
in GTK code) but should also be checked before such strings received 
across the network are actually used (glib has a function for checking 
UTF-8 string validity, for instance).

I don't know how much of this has been done, but having written most of 
the encoding code I believe this is probably one area where our checks 
fall short.

-jason



___
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev