
Commit aeef22f

committed
Fixed issue #123
This adds more security checks when converting from a pointer.
1 parent b32c82b commit aeef22f


8 files changed

+83
-17
lines changed


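--- a/src/core/utilities/conversions.h
+++ b/src/core/utilities/conversions.h
@@ -36,6 +36,7 @@
 #include "eiface.h"
 #include "public/game/server/iplayerinfo.h"
 #include "utilities/baseentity.h"
+#include "toolframework/itoolentity.h"
 
 BOOST_PYTHON_OPAQUE_SPECIALIZED_TYPE_ID(CBaseEntity)
 
@@ -45,6 +46,7 @@ BOOST_PYTHON_OPAQUE_SPECIALIZED_TYPE_ID(CBaseEntity)
 extern IVEngineServer *engine;
 extern CGlobalVars *gpGlobals;
 extern IPlayerInfoManager *playerinfomanager;
+extern IServerTools *servertools;
 
 
 //-----------------------------------------------------------------------------
@@ -241,4 +243,72 @@ CREATE_EXC_CONVERSION_FUNCTION(CPointer, Pointer, CBaseEntity *, BaseEntity);
 CREATE_EXC_CONVERSION_FUNCTION(CPointer, Pointer, unsigned int, Userid);
 CREATE_EXC_CONVERSION_FUNCTION(CPointer, Pointer, IPlayerInfo *, PlayerInfo);
 
+
+//-----------------------------------------------------------------------------
+// Helper functions
+//-----------------------------------------------------------------------------
+inline bool IsValidBaseEntityPointer(void* ptr)
+{
+if (!ptr)
+return false;
+
+CBaseEntity* pEntity = servertools->FirstEntity();
+while (pEntity) {
+if (pEntity == ptr)
+return true;
+
+pEntity = servertools->NextEntity(pEntity);
+}
+return false;
+}
+
+inline bool IsValidBaseEntityPointer(CPointer* pPtr)
+{
+return pPtr && IsValidBaseEntityPointer((void*) pPtr->m_ulAddr);
+}
+
+inline bool IsValidNetworkedEntityPointer(void* ptr)
+{
+if (!ptr)
+return false;
+
+for (int i=0; i < gpGlobals->maxEntities; ++i)
+{
+edict_t* pEdict = NULL;
+if (!EdictFromIndex(i, pEdict))
+continue;
+
+if (pEdict->GetUnknown()->GetBaseEntity() == ptr)
+return true;
+}
+return false;
+}
+
+inline bool IsValidNetworkedEntityPointer(CPointer* pPtr)
+{
+return pPtr && IsValidNetworkedEntityPointer((void*) pPtr->m_ulAddr);
+}
+
+inline bool IsValidPlayerPointer(void* ptr)
+{
+if (!ptr)
+return false;
+
+for (int i=1; i < gpGlobals->maxClients; ++i)
+{
+edict_t* pEdict = NULL;
+if (!EdictFromIndex(i, pEdict))
+continue;
+
+if (pEdict->GetUnknown()->GetBaseEntity() == ptr)
+return true;
+}
+return false;
+}
+
+inline bool IsValidPlayerPointer(CPointer* pPtr)
+{
+return pPtr && IsValidPlayerPointer((void*) pPtr->m_ulAddr);
+}
+
 #endif // _CONVERSIONS_H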
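Review bot: The loop in IsValidPlayerPointer stops at `i < gpGlobals->maxClients`, so the highest player slot is never examined; player edict indices conventionally run from 1 through maxClients inclusive, so the bound should read `for (int i=1; i <= gpGlobals->maxClients; ++i)` (the `i < gpGlobals->maxEntities` bound in IsValidNetworkedEntityPointer is fine because that loop starts at 0). Both edict loops call `pEdict->GetUnknown()->GetBaseEntity()` without a null check on the result of `GetUnknown()`; unless EdictFromIndex is known to reject free slots whose unknown pointer is null, that call should be guarded, since a null dereference here would turn a rejected conversion into a crash. The two loops share an identical body and differ only in their index range, so one range-taking helper would remove the duplication and keep the bounds in a single place. A comment above the helpers noting that each call performs a linear scan of the entity list would also help callers that convert in hot paths, e.g. `// Linear scan of all entities on every call; cache results in hot paths.`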

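--- a/src/core/utilities/conversions/baseentity_from.cpp
+++ b/src/core/utilities/conversions/baseentity_from.cpp
@@ -52,7 +52,7 @@ bool BaseEntityFromEdict( edict_t *pEdict, CBaseEntity*& output )
 //-----------------------------------------------------------------------------
 bool BaseEntityFromPointer( CPointer *pEntityPointer, CBaseEntity*& output )
 {
-if (!pEntityPointer || !pEntityPointer->IsValid())
+if (!IsValidBaseEntityPointer(pEntityPointer))
 return false;
 
 output = (CBaseEntity *) pEntityPointer->m_ulAddr;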
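Review bot: BaseEntityFromPointer is now the only conversion in this commit that accepts any entity reachable through servertools, while the sibling FromPointer functions require a networked (edict-backed) entity; nothing at the call site says this difference is intended. A one-line comment above the check would record that, e.g. `// Accepts non-networked entities too: anything in the IServerTools entity list qualifies.`. The removed line also tested `pEntityPointer->IsValid()`, which the new helper does not call; if IsValid() checks more than a non-zero address, that condition is no longer enforced here. BaseEntityFromPointer ends outside the hunk.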

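--- a/src/core/utilities/conversions/basehandle_from.cpp
+++ b/src/core/utilities/conversions/basehandle_from.cpp
@@ -105,11 +105,10 @@ bool BaseHandleFromBaseEntity( CBaseEntity *pBaseEntity, CBaseHandle& output )
 //-----------------------------------------------------------------------------
 bool BaseHandleFromPointer( CPointer *pEntityPointer, CBaseHandle& output )
 {
-CBaseEntity* pBaseEntity;
-if (!BaseEntityFromPointer(pEntityPointer, pBaseEntity))
+if (!IsValidNetworkedEntityPointer(pEntityPointer))
 return false;
 
-return BaseHandleFromBaseEntity(pBaseEntity, output);
+return BaseHandleFromBaseEntity((CBaseEntity*) pEntityPointer->m_ulAddr, output);
 }
 
 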
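Review bot: The raw cast `(CBaseEntity*) pEntityPointer->m_ulAddr` is now written out in BaseHandleFromPointer and repeated in the same position in IntHandleFromPointer, PlayerInfoFromPointer and UseridFromPointer, each of which dropped its single call to BaseEntityFromPointer. The validation helpers in conversions.h already locate the matching entity and throw it away, and each FromBaseEntity callee presumably has to resolve it again; a helper that returns the matched entity on success would let these four functions stay a single validated call, e.g. `CBaseEntity* pBaseEntity = NULL; if (!ValidatedEntityFromPointer(pEntityPointer, pBaseEntity)) return false;` (helper name constructed). Whether the FromBaseEntity functions really rescan is outside this hunk and should be confirmed before adding the helper.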
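--- a/src/core/utilities/conversions/edict_from.cpp
+++ b/src/core/utilities/conversions/edict_from.cpp
@@ -136,8 +136,8 @@ bool EdictFromIntHandle( unsigned int iEntityHandle, edict_t*& output )
 //-----------------------------------------------------------------------------
 bool EdictFromPointer( CPointer *pEntityPointer, edict_t*& output )
 {
-if (!pEntityPointer || !pEntityPointer->IsValid())
+if (!IsValidNetworkedEntityPointer(pEntityPointer))
 return false;
 
-return EdictFromBaseEntity((CBaseEntity *)pEntityPointer->m_ulAddr, output);
+return EdictFromBaseEntity((CBaseEntity *) pEntityPointer->m_ulAddr, output);
 }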

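--- a/src/core/utilities/conversions/index_from.cpp
+++ b/src/core/utilities/conversions/index_from.cpp
@@ -78,10 +78,10 @@ bool IndexFromBaseEntity( CBaseEntity *pBaseEntity, unsigned int& output )
 //-----------------------------------------------------------------------------
 bool IndexFromPointer( CPointer *pEntityPointer, unsigned int& output )
 {
-if (!pEntityPointer || !pEntityPointer->IsValid())
+if (!IsValidNetworkedEntityPointer(pEntityPointer))
 return false;
 
-return IndexFromBaseEntity((CBaseEntity *)pEntityPointer->m_ulAddr, output);
+return IndexFromBaseEntity((CBaseEntity *) pEntityPointer->m_ulAddr, output);
 }
 
 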
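--- a/src/core/utilities/conversions/inthandle_from.cpp
+++ b/src/core/utilities/conversions/inthandle_from.cpp
@@ -91,11 +91,10 @@ bool IntHandleFromBaseEntity( CBaseEntity *pBaseEntity, unsigned int& output )
 //-----------------------------------------------------------------------------
 bool IntHandleFromPointer( CPointer *pEntityPointer, unsigned int& output )
 {
-CBaseEntity* pBaseEntity;
-if (!BaseEntityFromPointer(pEntityPointer, pBaseEntity))
+if (!IsValidNetworkedEntityPointer(pEntityPointer))
 return false;
 
-return IntHandleFromBaseEntity(pBaseEntity, output);
+return IntHandleFromBaseEntity((CBaseEntity*) pEntityPointer->m_ulAddr, output);
 }
 
 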
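--- a/src/core/utilities/conversions/playerinfo_from.cpp
+++ b/src/core/utilities/conversions/playerinfo_from.cpp
@@ -64,11 +64,10 @@ bool PlayerInfoFromBaseEntity( CBaseEntity *pBaseEntity, IPlayerInfo*& output)
 //-----------------------------------------------------------------------------
 bool PlayerInfoFromPointer( CPointer *pEntityPointer, IPlayerInfo*& output)
 {
-CBaseEntity* pBaseEntity;
-if (!BaseEntityFromPointer(pEntityPointer, pBaseEntity))
+if (!IsValidPlayerPointer(pEntityPointer))
 return false;
 
-return PlayerInfoFromBaseEntity(pBaseEntity, output);
+return PlayerInfoFromBaseEntity((CBaseEntity*) pEntityPointer->m_ulAddr, output);
 }
 
 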
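--- a/src/core/utilities/conversions/userid_from.cpp
+++ b/src/core/utilities/conversions/userid_from.cpp
@@ -117,9 +117,8 @@ bool UseridFromBaseEntity( CBaseEntity *pBaseEntity, unsigned int& output )
 //-----------------------------------------------------------------------------
 bool UseridFromPointer( CPointer *pEntityPointer, unsigned int& output )
 {
-CBaseEntity* pBaseEntity;
-if (!BaseEntityFromPointer(pEntityPointer, pBaseEntity))
+if (!IsValidPlayerPointer(pEntityPointer))
 return false;
 
-return UseridFromBaseEntity(pBaseEntity, output);
+return UseridFromBaseEntity((CBaseEntity*) pEntityPointer->m_ulAddr, output);
 }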
