diff --git a/src/client.cpp b/src/client.cpp index aca38b16..38ed1497 100644 --- a/src/client.cpp +++ b/src/client.cpp @@ -1276,6 +1276,13 @@ void Client::ProcessData(u8 *data, u32 datasize, u16 sender_peer_id) //read texture from cache std::string name = deSerializeString(is); std::string sha1_texture = deSerializeString(is); + + // if name contains illegal characters, ignore the texture + if(!string_allowed(name, TEXTURENAME_ALLOWED_CHARS)){ + errorstream<<"Client: ignoring illegal texture name " + <<"sent by server: \""< data_rw(data.c_str(), data.size()); // Create an irrlicht memory file diff --git a/src/clientserver.h b/src/clientserver.h index 3f97d373..43de689e 100644 --- a/src/clientserver.h +++ b/src/clientserver.h @@ -48,6 +48,8 @@ with this program; if not, write to the Free Software Foundation, Inc., #define PASSWORD_SIZE 28 // Maximum password length. Allows for // base64-encoded SHA-1 (27+\0). +#define TEXTURENAME_ALLOWED_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_." + enum ToClientCommand { TOCLIENT_INIT = 0x10, diff --git a/src/server.cpp b/src/server.cpp index 8bf9eee3..d1a71bdb 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -4273,6 +4273,12 @@ void Server::PrepareTextures() { if(dirlist[j].dir) // Ignode dirs continue; std::string tname = dirlist[j].name; + // if name contains illegal characters, ignore the texture + if(!string_allowed(tname, TEXTURENAME_ALLOWED_CHARS)){ + errorstream<<"Server: ignoring illegal texture name: \"" + < texture_announcements; @@ -4407,6 +4418,11 @@ void Server::SendTexturesRequested(u16 peer_id,core::list tosend u32 texture_size_bunch_total = 0; for(core::list::Iterator i = tosend.begin(); i != tosend.end(); i++) { + if(m_Textures.find(i->name) == m_Textures.end()){ + errorstream<<"Server::SendTexturesRequested(): Client asked for " + <<"unknown texture \""<<(i->name)<<"\""<