From a6569855187d7888fdfc52a4ca7d3344df09b57c Mon Sep 17 00:00:00 2001
From: kervala
Date: Tue, 18 Oct 2016 17:44:47 +0200
Subject: [PATCH 1/3] Fixed: Possible SQL injection, fixes #297

--HG--
branch : develop
---
 code/ryzom/server/src/monitor_service/service_main.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/code/ryzom/server/src/monitor_service/service_main.cpp b/code/ryzom/server/src/monitor_service/service_main.cpp
index bf092bbae..b74830665 100644
--- a/code/ryzom/server/src/monitor_service/service_main.cpp
+++ b/code/ryzom/server/src/monitor_service/service_main.cpp
@@ -379,8 +379,12 @@ void clientAuthentication(CMessage &msgin, TSockId from, CCallbackNetBase &netba
 {
 if (!Clients[i]->BadLogin) // don't allow new login attempt while thisflag is set
 {
+ // escape login
+ char esccapedLogin[100];
+ size_t len = mysql_real_escape_string(DatabaseConnection, esccapedLogin, login.c_str(), login.length());
+
 // make a db request to to db to see if password is valid
- std::string queryStr = toString("SELECT Password FROM user where Login='%s'", login.c_str());
+ std::string queryStr = toString("SELECT Password FROM user where Login='%s'", esccapedLogin);
 int result = mysql_query(DatabaseConnection, queryStr.c_str());
 if (result == 0)
 {

From a62e5ec380e1455875e1f2a2b00d21f95d6b0a28 Mon Sep 17 00:00:00 2001
From: kervala
Date: Tue, 18 Oct 2016 17:45:55 +0200
Subject: [PATCH 2/3] Changed: Minor changes

--HG--
branch : develop
---
 .../src/monitor_service/service_main.cpp | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/code/ryzom/server/src/monitor_service/service_main.cpp b/code/ryzom/server/src/monitor_service/service_main.cpp
index b74830665..b0d491932 100644
--- a/code/ryzom/server/src/monitor_service/service_main.cpp
+++ b/code/ryzom/server/src/monitor_service/service_main.cpp
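Review bot: The fixed-size `char esccapedLogin[100]` in the first hunk is too small for what `mysql_real_escape_string` may write: the destination must hold at least `2 * length + 1` bytes, and `login` comes from the client message, so any login longer than 49 characters overflows the stack buffer and turns the injection fix into a memory-safety bug. The returned `len` is never used, and the identifier is misspelled. Sizing the buffer from the input length avoids both problems, and a prepared statement would be the stronger long-term fix; clientAuthentication starts and ends outside this hunk.
```cpp
// escape login: mysql_real_escape_string may write up to 2*len+1 bytes
std::string escapedLogin(login.length() * 2 + 1, '\0');
size_t len = mysql_real_escape_string(DatabaseConnection, &escapedLogin[0], login.c_str(), login.length());
escapedLogin.resize(len);

// make a db request to to db to see if password is valid
std::string queryStr = toString("SELECT Password FROM user where Login='%s'", escapedLogin.c_str());
// … unchanged: mysql_query and result handling …
```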
@@ -109,7 +109,7 @@ CMySQLResult::CMySQLResult(MYSQL_RES* res) /// Constructor CMySQLResult::CMySQLResult(MYSQL* database) -{ +{ _Result = mysql_store_result(database); } /// Destructor @@ -174,7 +174,7 @@ MYSQL_ROW CMySQLResult::fetchRow() /* *************************************************************************** Doc : - When an entity is added in the service mirror, the service checks if its name is in the name cache. If + When an entity is added in the service mirror, the service checks if its name is in the name cache. If the string ID is not known, the server ask the IOS for the string. When the IOS sends back a string, the server broadcasts this string to the connected clients. @@ -275,7 +275,7 @@ void clientWantsToConnect ( TSockId from, void *arg ) nlinfo ("Add client %d", Clients.size()); Clients.push_back (new CMonitorClient(from)); - + CMonitorService &ms = getMonitorService(); // send params about this sever the client @@ -284,7 +284,7 @@ void clientWantsToConnect ( TSockId from, void *arg ) uint32 version = 0; msgout.serial(version); msgout.serial(ms.LoginRequired); - Server->send(msgout, from); + Server->send(msgout, from); Clients.back()->Authentificated = !ms.LoginRequired; @@ -333,7 +333,7 @@ void clientSetWindow (CMessage &msgin, TSockId from, CCallbackNetBase &netbase) for (uint i = 0; i < Clients.size(); ++i) { if (Clients[i]->getSock() == from && Clients[i]->Authentificated) - { + { nlinfo ("Client %d sets window (%.0f,%.0f) (%.0f,%.0f)", i, xmin, ymin, xmax, ymax); Clients[i]->setWindow(xmin,ymin,xmax,ymax); Clients[i]->resetVision(); @@ -377,7 +377,7 @@ void clientAuthentication(CMessage &msgin, TSockId from, CCallbackNetBase &netba { if (!Clients[i]->Authentificated && Clients[i]->getSock() == from) { - if (!Clients[i]->BadLogin) // don't allow new login attempt while thisflag is set + if (!Clients[i]->BadLogin) // don't allow new login attempt while this flag is set { // escape login char esccapedLogin[100]; 
@@ -391,7 +391,7 @@ void clientAuthentication(CMessage &msgin, TSockId from, CCallbackNetBase &netba CMySQLResult sqlResult(DatabaseConnection); if (sqlResult.success() && sqlResult.numRows() == 1) { - MYSQL_ROW row = sqlResult.fetchRow(); + MYSQL_ROW row = sqlResult.fetchRow(); if (sqlResult.numFields() == 1) { if (strlen(row[0]) > 2) @@ -411,19 +411,19 @@ void clientAuthentication(CMessage &msgin, TSockId from, CCallbackNetBase &netba Clients[i]->Authentificated = true; // password is good CMessage msgout; - msgout.setType("AUTHENT_VALID"); + msgout.setType("AUTHENT_VALID"); Server->send(msgout, from); return; } } - } + } } } // fail the authentication // Do not send result immediatly to avoid a potential hacker // to try a dictionnary or that dort of things BadLoginClients.insert(std::pair >( - NLMISC::CTime::getLocalTime() + LOGIN_RETRY_DELAY_IN_MILLISECONDS, + NLMISC::CTime::getLocalTime() + LOGIN_RETRY_DELAY_IN_MILLISECONDS, (NLMISC::CRefPtr)Clients[i])); Clients[i]->BadLogin =true; return; @@ -531,9 +531,9 @@ void CMonitorService::init () // *************************************************************************** -void CMonitorService::release () +void CMonitorService::release () { - disconnectFromDatabase(); + disconnectFromDatabase(); // release sub systems // CMessages::release(); CMirrors::release(); @@ -572,7 +572,7 @@ bool CMonitorService::update () client.update(); } } - + // Sent bad login msg to clients at the right time NLMISC::TTime currentTime = NLMISC::CTime::getLocalTime(); while (!BadLoginClients.empty() && BadLoginClients.begin()->first <= currentTime) 
@@ -581,9 +581,9 @@ bool CMonitorService::update () if (client != NULL) { CMessage msgout; - msgout.setType("AUTHENT_INVALID"); + msgout.setType("AUTHENT_INVALID"); Server->send(msgout, client->getSock()); - client->BadLogin = false; // allow to accept login again for that client + client->BadLogin = false; // allow to accept login again for that client } BadLoginClients.erase(BadLoginClients.begin()); } From f93e5458d93f8e27d2678a7acfed2e1c730a8e5c Mon Sep 17 00:00:00 2001 From: kervala Date: Tue, 18 Oct 2016 17:46:31 +0200 Subject: [PATCH 3/3] Changed: Skip already uncompressed files --HG-- branch : develop --- .../ryzom_installer/src/filesextractor.cpp | 69 ++++++++++++------- 1 file changed, 43 insertions(+), 26 deletions(-) diff --git a/code/ryzom/tools/client/ryzom_installer/src/filesextractor.cpp b/code/ryzom/tools/client/ryzom_installer/src/filesextractor.cpp index bdc092d04..c0a446cb0 100644 --- a/code/ryzom/tools/client/ryzom_installer/src/filesextractor.cpp +++ b/code/ryzom/tools/client/ryzom_installer/src/filesextractor.cpp 
@@ -408,28 +408,53 @@ bool CFilesExtractor::extract7z() QString path = QString::fromUtf16(temp); QString filename = QFileInfo(path).fileName(); - if (!isDir) - { - if (m_listener) m_listener->operationProgress(totalUncompressed, filename); - - res = SzArEx_Extract(&db, &lookStream.s, i, &blockIndex, &outBuffer, &outBufferSize, - &offset, &outSizeProcessed, &allocImp, &allocTempImp); - - if (res != SZ_OK) break; - } - QString destPath = m_destinationDirectory + '/' + path; - QDir dir; + // get uncompressed size + quint64 uncompressedSize = SzArEx_GetFileSize(&db, i); + + // get modification time + quint32 modificationTime = 0; + + if (SzBitWithVals_Check(&db.MTime, i)) + { + modificationTime = convertWindowsFileTimeToUnixTimestamp(db.MTime.Vals[i]); + } if (isDir) { - dir.mkpath(destPath); + QDir().mkpath(destPath); continue; } - dir.mkpath(QFileInfo(destPath).absolutePath()); + // check if file exists + if (QFile::exists(destPath)) + { + QFileInfo currentFileInfo(destPath); + // skip file if same size and same modification date + if (currentFileInfo.lastModified().toTime_t() == modificationTime && currentFileInfo.size() == uncompressedSize) + { + // update progress + totalUncompressed += uncompressedSize; + + if (m_listener) m_listener->operationProgress(totalUncompressed, filename); + + continue; + } + } + + if (m_listener) m_listener->operationProgress(totalUncompressed, filename); + + res = SzArEx_Extract(&db, &lookStream.s, i, &blockIndex, &outBuffer, &outBufferSize, + &offset, &outSizeProcessed, &allocImp, &allocTempImp); + + if (res != SZ_OK) break; + + // create file directory + QDir().mkpath(QFileInfo(destPath).absolutePath()); + + // create file QFile outFile(destPath); if (!outFile.open(QFile::WriteOnly)) 
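Review bot: `quint32 modificationTime = 0;` stays 0 when `SzBitWithVals_Check(&db.MTime, i)` is false, yet the hunk at -465 now calls `NLMISC::CFile::setFileModificationDate(qToUtf8(destPath), modificationTime)` unconditionally where the old code only did so under that check, so entries without a timestamp get their mtime reset to the epoch. The skip test added here also treats an existing file as up to date on size and mtime alone, which cannot detect a truncated-then-padded or otherwise altered file at the destination; if this 7z SDK build exposes the per-entry CRC table, comparing it with the existing file before skipping would make the skip safe, otherwise the limitation deserves a comment such as `// size+mtime match only: content is not verified`. I would keep `bool hasModificationTime = SzBitWithVals_Check(&db.MTime, i);`, skip only when `hasModificationTime` holds, and guard the later setFileModificationDate call with the same flag; `currentFileInfo.size() == uncompressedSize` also compares qint64 with quint64 and wants an explicit cast. extract7z starts and ends outside this hunk.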
@@ -446,10 +471,7 @@ bool CFilesExtractor::extract7z() qint64 currentProcessedSize = outFile.write((const char*)(outBuffer + offset), currentSizeToProcess); // errors only occur when returned size is -1 - if (currentProcessedSize < 0) - { - break; - } + if (currentProcessedSize < 0) break; offset += currentProcessedSize; currentSizeToProcess -= currentProcessedSize; @@ -465,25 +487,20 @@ bool CFilesExtractor::extract7z() outFile.close(); - totalUncompressed += SzArEx_GetFileSize(&db, i); + totalUncompressed += uncompressedSize; if (m_listener) m_listener->operationProgress(totalUncompressed, filename); - // set attrinbutes + // set attributes if (SzBitWithVals_Check(&db.Attribs, i)) { Set7zFileAttrib(destPath, db.Attribs.Vals[i]); } // set modification time - if (SzBitWithVals_Check(&db.MTime, i)) + if (!NLMISC::CFile::setFileModificationDate(qToUtf8(destPath), modificationTime)) { - char buffer[1024]; - - if (!NLMISC::CFile::setFileModificationDate(qToUtf8(destPath), convertWindowsFileTimeToUnixTimestamp(db.MTime.Vals[i]))) - { - qDebug() << "Unable to change date of " << destPath; - } + qDebug() << "Unable to change date of " << destPath; } }