From 4c2b5b38a0f21f4972899c9501bc03c64f0a091a Mon Sep 17 00:00:00 2001 From: Andre Leiradella Date: Wed, 23 Nov 2016 20:18:50 +0000 Subject: [PATCH 1/3] Fix crash when Retro Achievements return a zero-length response when asked for the game's achievements; don't log the user's password and token when CHEEVOS_LOG_URLS is defined (but do when CHEEVOS_LOG_PASSWORD is too) --- cheevos.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 8 deletions(-) diff --git a/cheevos.c b/cheevos.c index c3826af9b6..9c98181141 100644 --- a/cheevos.c +++ b/cheevos.c @@ -62,6 +62,10 @@ * from retroachievements.org. */ #undef CHEEVOS_JSON_OVERRIDE +/* Define this macro to have the password and token logged. THIS WILL DISCLOSE + * THE USER'S PASSWORD, TAKE CARE! */ +#undef CHEEVOS_LOG_PASSWORD + /* C89 wants only int values in enums. */ #define CHEEVOS_JSON_KEY_GAMEID 0xb4960eecU #define CHEEVOS_JSON_KEY_ACHIEVEMENTS 0x69749ae1U @@ -297,6 +301,43 @@ static int cheats_were_enabled = 0; Supporting functions. *****************************************************************************/ +#ifdef CHEEVOS_LOG_URLS +static void cheevos_log_url(const char* format, const char* url) +{ +#ifdef CHEEVOS_LOG_PASSWORD + RARCH_LOG(format, url); +#else + char copy[256]; + char* aux; + + strncpy(copy, url, sizeof(copy)); + copy[sizeof(copy) - 1] = 0; + + aux = strstr(copy, "p="); + + if (aux != NULL) + { + aux += 2; + + while (*aux != 0 && *aux != '&') + *aux++ = 'X'; + } + + aux = strstr(copy, "t="); + + if (aux != NULL) + { + aux += 2; + + while (*aux != 0 && *aux != '&') + *aux++ = 'X'; + } + + RARCH_LOG(format, copy); +#endif +} +#endif + #ifdef CHEEVOS_VERBOSE static void cheevos_add_char(char** aux, size_t* left, char k) { 
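Review bot: In the hunk that adds `cheevos_log_url`, the `format` argument is passed to `RARCH_LOG` as a non-literal format string in both branches, and nothing documents what callers may pass. Every call site in this patch passes a literal with a single `%s`, so it is safe today, but a later caller passing a different format would get undefined behaviour from the varargs mismatch. I would add a comment above the helper: `/* format must be a string literal containing exactly one %s; the values of the p= and t= query parameters are masked unless CHEEVOS_LOG_PASSWORD is defined. */`. Anything longer than `sizeof(copy) - 1` is silently truncated in the log, which is harmless for the masking but worth stating in the same comment.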
@@ -1781,7 +1822,7 @@ static int cheevos_login(retro_time_t *timeout) request[sizeof(request) - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to login: %s\n", request); + cheevos_log_url("CHEEVOS url to login: %s\n", request); #endif if (!cheevos_http_get(&json, NULL, request, timeout)) @@ -1818,7 +1859,7 @@ static void cheevos_make_unlock_url(const cheevo_t *cheevo, char* url, size_t ur url[url_size - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to award the cheevo: %s\n", url); + cheevos_log_url("CHEEVOS url to award the cheevo: %s\n", url); #endif } @@ -1942,7 +1983,7 @@ static int cheevos_get_by_game_id(const char **json, request[sizeof(request) - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to get the list of cheevos: %s\n", request); + cheevos_log_url("CHEEVOS url to get the list of cheevos: %s\n", request); #endif if (!cheevos_http_get(json, NULL, request, timeout)) @@ -1987,7 +2028,7 @@ static unsigned cheevos_get_game_id(unsigned char *hash, retro_time_t *timeout) request[sizeof(request) - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to get the game's id: %s\n", request); + cheevos_log_url("CHEEVOS url to get the game's id: %s\n", request); #endif if (!cheevos_http_get(&json, NULL, request, timeout)) @@ -2021,7 +2062,7 @@ static void cheevos_make_playing_url(unsigned game_id, char* url, size_t url_siz url[url_size - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to post the 'playing' activity: %s\n", url); + cheevos_log_url("CHEEVOS url to post the 'playing' activity: %s\n", url); #endif } @@ -2148,7 +2189,7 @@ static int cheevos_deactivate_unlocks(unsigned game_id, retro_time_t *timeout) request[sizeof(request) - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to get the list of unlocked cheevos in softcore: %s\n", request); + cheevos_log_url("CHEEVOS url to get the list of unlocked cheevos in softcore: %s\n", request); #endif if (!cheevos_http_get(&json, NULL, request, timeout)) 
@@ -2177,7 +2218,7 @@ static int cheevos_deactivate_unlocks(unsigned game_id, retro_time_t *timeout) request[sizeof(request) - 1] = 0; #ifdef CHEEVOS_LOG_URLS - RARCH_LOG("CHEEVOS url to get the list of unlocked cheevos in hardcore: %s\n", request); + cheevos_log_url("CHEEVOS url to get the list of unlocked cheevos in hardcore: %s\n", request); #endif if (!cheevos_http_get(&json, NULL, request, timeout)) @@ -2601,7 +2642,7 @@ found: fclose(file); } #else - if (!cheevos_get_by_game_id(&json, game_id, &timeout)) + if (cheevos_get_by_game_id(&json, game_id, &timeout) == 0 && json != NULL) #endif { if (!cheevos_parse(json)) From 5751ea57271a76e95a8cbfbaf3c96f380b0732b9 Mon Sep 17 00:00:00 2001 From: Andre Leiradella Date: Wed, 23 Nov 2016 22:02:02 +0000 Subject: [PATCH 2/3] Better parameter searching; remove parameter value instead of overriding it with X --- cheevos.c | 41 +++++++++++++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/cheevos.c b/cheevos.c index 9c98181141..d2ea641dbc 100644 --- a/cheevos.c +++ b/cheevos.c @@ -309,28 +309,53 @@ static void cheevos_log_url(const char* format, const char* url) #else char copy[256]; char* aux; + char* next; strncpy(copy, url, sizeof(copy)); copy[sizeof(copy) - 1] = 0; - aux = strstr(copy, "p="); + aux = strstr(copy, "?p="); + + if (aux == NULL) + aux = strstr(copy, "&p="); if (aux != NULL) { - aux += 2; + aux += 3; + next = strchr(aux, '&'); - while (*aux != 0 && *aux != '&') - *aux++ = 'X'; + if (next != NULL) + { + do + { + *aux++ = *next++; + } + while (next[-1] != 0); + } + else + *aux = 0; } - aux = strstr(copy, "t="); + aux = strstr(copy, "?t="); + + if (aux == NULL) + aux = strstr(copy, "&t="); if (aux != NULL) { - aux += 2; + aux += 3; + next = strchr(aux, '&'); - while (*aux != 0 && *aux != '&') - *aux++ = 'X'; + if (next != NULL) + { + do + { + *aux++ = *next++; + } + while (next[-1] != 0); + } + else + *aux = 0; } RARCH_LOG(format, copy); 
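Review bot: The `json != NULL` guard in the `@@ -2601` hunk protects only this one call site. The other callers touched by this patch (`cheevos_login`, `cheevos_get_game_id`, `cheevos_deactivate_unlocks`) call `cheevos_http_get(&json, ...)` and, as far as the visible context shows, test only its return value. If a zero-length reply can leave `json` NULL there as well, they would pass NULL on to the parser in the same way; their bodies are outside these hunks, so this needs confirming. It would be more robust to treat an empty body as a failure inside `cheevos_get_by_game_id` or `cheevos_http_get`, so every caller is covered. At minimum I would add a comment here: `/* json can be NULL on a zero-length reply even when the request itself succeeded */`.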
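Review bot: In the `@@ -309,28 +309,53` hunk of patch 2, the block that strips `p` and the block that strips `t` are identical apart from the key, so a fix to one can easily miss the other in the function that keeps secrets out of the log. I would move the logic into one static helper and call it twice, replacing the hand-written `do`/`while` shift with `memmove`. Only the first `?p=`/`&p=` (and `?t=`/`&t=`) occurrence is stripped, so a URL that carries the parameter twice would still log the second value; the helper's comment should say so, or the helper should loop until no match is left. `cheevos_log_url` starts and ends outside this hunk.

```c
/* Removes, in place, the value of the first "?<key>=" or "&<key>=" query
 * parameter found in url. Later occurrences of the same key are untouched. */
static void cheevos_strip_param(char* url, char key)
{
   char  pattern[4];
   char* aux;
   char* next;

   pattern[0] = '?';
   pattern[1] = key;
   pattern[2] = '=';
   pattern[3] = 0;
   aux        = strstr(url, pattern);

   if (aux == NULL)
   {
      pattern[0] = '&';
      aux        = strstr(url, pattern);
   }

   if (aux == NULL)
      return;

   aux += 3;
   next = strchr(aux, '&');

   if (next != NULL)
      memmove(aux, next, strlen(next) + 1);
   else
      *aux = 0;
}

/* … unchanged: copy[] declaration and the bounded copy of url … */
   cheevos_strip_param(copy, 'p');
   cheevos_strip_param(copy, 't');

   RARCH_LOG(format, copy);
```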
From 298484b62be78a91506b5f2d8f44345b2708a27a Mon Sep 17 00:00:00 2001 From: Andre Leiradella Date: Wed, 23 Nov 2016 22:10:55 +0000 Subject: [PATCH 3/3] Use strlcpy instead of strncpy --- cheevos.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/cheevos.c b/cheevos.c index d2ea641dbc..ef53cd5e01 100644 --- a/cheevos.c +++ b/cheevos.c @@ -18,6 +18,7 @@ #include #include +#include #include #include @@ -311,8 +312,7 @@ static void cheevos_log_url(const char* format, const char* url) char* aux; char* next; - strncpy(copy, url, sizeof(copy)); - copy[sizeof(copy) - 1] = 0; + strlcpy(copy, url, sizeof(copy)); aux = strstr(copy, "?p="); @@ -465,13 +465,12 @@ static void cheevos_log_cheevo(const cheevo_t* cheevo, char memaddr[256]; size_t length; - length = memaddr_ud->length + 1; + length = memaddr_ud->length; - if (length >= sizeof(memaddr)) + if (length > sizeof(memaddr)) length = sizeof(memaddr); - strncpy(memaddr, memaddr_ud->string, length - 1); - memaddr[length - 1] = 0; + strlcpy(memaddr, memaddr_ud->string, length); RARCH_LOG("CHEEVOS cheevo %p\n", cheevo); RARCH_LOG("CHEEVOS id: %u\n", cheevo->id); @@ -753,8 +752,7 @@ static int cheevos_get_value(const char *json, unsigned key_hash, if ((jsonsax_parse(json, &handlers, (void*)&ud) == JSONSAX_OK) && ud.value && ud.length < length) { - strncpy(value, ud.value, length); - value[ud.length] = 0; + strlcpy(value, ud.value, length); return 0; } 
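Review bot: In the `cheevos_log_cheevo` hunk, the new `strlcpy(memaddr, memaddr_ud->string, length)` drops the last character of the string, because `strlcpy` copies at most `size - 1` bytes and `length` no longer includes room for the terminator. When `memaddr_ud->length` is 0 the call writes nothing at all, so `memaddr` stays uninitialised for any later use, presumably the log lines further down the function, which are outside this hunk. Keeping the original size computation fixes both: `length = memaddr_ud->length + 1;` followed by `if (length > sizeof(memaddr)) length = sizeof(memaddr);`.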
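Review bot: In the `cheevos_get_value` hunk, replacing `strncpy` plus `value[ud.length] = 0` with `strlcpy(value, ud.value, length)` removes the cut at `ud.length`. The removed terminator line suggests `ud.value` points into the JSON text and is not NUL-terminated at the end of the value. If that is the case, `value` now also receives whatever JSON follows the field, up to `length - 1` bytes; the parser's contract is not visible here, so this needs confirming. Since the condition already guarantees `ud.length < length`, bounding the copy by the value's own length restores the old result: `strlcpy(value, ud.value, ud.length + 1);`.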
@@ -2816,17 +2814,15 @@ void cheevos_populate_menu(void *data, bool hardcore) bool cheevos_get_description(cheevos_ctx_desc_t *desc) { - cheevo_t *cheevos = cheevos_locals.core.cheevos; + cheevo_t *cheevos = cheevos_locals.core.cheevos; if (desc->idx >= cheevos_locals.core.count) { - cheevos = cheevos_locals.unofficial.cheevos; - desc->idx -= cheevos_locals.unofficial.count; + cheevos = cheevos_locals.unofficial.cheevos; + desc->idx -= cheevos_locals.unofficial.count; } - strncpy(desc->s, cheevos[desc->idx].description, desc->len); - desc->s[desc->len - 1] = 0; - + strlcpy(desc->s, cheevos[desc->idx].description, desc->len); return true; }
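Review bot: In `cheevos_get_description`, the branch taken when `desc->idx >= cheevos_locals.core.count` rebases the index with `desc->idx -= cheevos_locals.unofficial.count;`, and this patch keeps that line apart from its whitespace. If `idx` is a combined index over the core list followed by the unofficial list, which the comparison suggests, the subtraction should use the core count: `desc->idx -= cheevos_locals.core.count;`. As written, the result can select the wrong entry, or wrap around when `unofficial.count` is larger than `idx`. The rebased index is also never compared with `cheevos_locals.unofficial.count` before `cheevos[desc->idx].description` is read, so a check that returns `false` would guard against an out-of-bounds read.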