From 10466746b4083d93af547c153db3730e74c8a3a2 Mon Sep 17 00:00:00 2001 From: rubidium Date: Wed, 20 May 2015 18:18:26 +0000 Subject: (svn r27290) -Fix: sanitize the command line arguments before doing anything complex with them --- src/os/os2/os2.cpp | 3 +++ src/os/unix/unix.cpp | 5 +++-- src/os/windows/win32.cpp | 3 +++ 3 files changed, 9 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/os/os2/os2.cpp b/src/os/os2/os2.cpp index eb3671029..386cc4dbb 100644 --- a/src/os/os2/os2.cpp +++ b/src/os/os2/os2.cpp @@ -174,6 +174,9 @@ int CDECL main(int argc, char *argv[]) { SetRandomSeed(time(NULL)); + /* Make sure our arguments contain only valid UTF-8 characters. */ + for (int i = 0; i < argc; i++) ValidateString(argv[i]); + return openttd_main(argc, argv); } diff --git a/src/os/unix/unix.cpp b/src/os/unix/unix.cpp index 59d40cc89..24dedb2ee 100644 --- a/src/os/unix/unix.cpp +++ b/src/os/unix/unix.cpp @@ -259,7 +259,8 @@ void cocoaReleaseAutoreleasePool(); int CDECL main(int argc, char *argv[]) { - int ret; + /* Make sure our arguments contain only valid UTF-8 characters. */ + for (int i = 0; i < argc; i++) ValidateString(argv[i]); #ifdef WITH_COCOA cocoaSetupAutoreleasePool(); @@ -275,7 +276,7 @@ int CDECL main(int argc, char *argv[]) signal(SIGPIPE, SIG_IGN); - ret = openttd_main(argc, argv); + int ret = openttd_main(argc, argv); #ifdef WITH_COCOA cocoaReleaseAutoreleasePool(); diff --git a/src/os/windows/win32.cpp b/src/os/windows/win32.cpp index 3d5f0ebde..f69f01f6c 100644 --- a/src/os/windows/win32.cpp +++ b/src/os/windows/win32.cpp @@ -453,6 +453,9 @@ int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLi argc = ParseCommandLine(cmdline, argv, lengthof(argv)); + /* Make sure our arguments contain only valid UTF-8 characters. */ + for (int i = 0; i < argc; i++) ValidateString(argv[i]); + openttd_main(argc, argv); free(cmdline); return 0; -- cgit v1.2.3-70-g09d2