From 19cae9b59b7f15c79e52364cce86b8528e387104 Mon Sep 17 00:00:00 2001 From: Inusaito Sayori Date: Fri, 21 Nov 2014 03:12:06 -0500 Subject: [PATCH] [RLVa] Escape potentially dirty strings before using them as regex in replace_all_regex Fixes crashes This changeset is welcome for use in LGPL viewers Thanks to Ansariel Hiller for pointing this crash out. --- indra/newview/rlvcommon.cpp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/indra/newview/rlvcommon.cpp b/indra/newview/rlvcommon.cpp index 491a1e3d4..5ee7bfba6 100644 --- a/indra/newview/rlvcommon.cpp +++ b/indra/newview/rlvcommon.cpp @@ -367,6 +367,12 @@ void RlvStrings::setCustomString(const std::string& strStringName, const std::st bool RlvUtil::m_fForceTp = false; +std::string escape_for_regex(const std::string& str) +{ + using namespace boost; + return regex_replace(str, regex("[.^$|()\\[\\]{}*+?\\\\]"), "\\\\&", match_default|format_sed); +} + // Checked: 2009-07-04 (RLVa-1.0.0a) | Modified: RLVa-1.0.0a void RlvUtil::filterLocation(std::string& strUTF8Text) { @@ -374,12 +380,12 @@ void RlvUtil::filterLocation(std::string& strUTF8Text) LLWorld::region_list_t regions = LLWorld::getInstance()->getRegionList(); const std::string& strHiddenRegion = RlvStrings::getString(RLV_STRING_HIDDEN_REGION); for (LLWorld::region_list_t::const_iterator itRegion = regions.begin(); itRegion != regions.end(); ++itRegion) - boost::replace_all_regex(strUTF8Text, boost::regex("\\b" + (*itRegion)->getName() + "\\b", boost::regex::icase), strHiddenRegion); + boost::replace_all_regex(strUTF8Text, boost::regex("\\b" + escape_for_regex((*itRegion)->getName()) + "\\b", boost::regex::icase), strHiddenRegion); // Filter any mention of the parcel name LLViewerParcelMgr* pParcelMgr = LLViewerParcelMgr::getInstance(); if (pParcelMgr) - boost::replace_all_regex(strUTF8Text, boost::regex("\\b" + pParcelMgr->getAgentParcelName() + "\\b", boost::regex::icase), RlvStrings::getString(RLV_STRING_HIDDEN_PARCEL)); + boost::replace_all_regex(strUTF8Text, boost::regex("\\b" + escape_for_regex(pParcelMgr->getAgentParcelName()) + "\\b", boost::regex::icase), RlvStrings::getString(RLV_STRING_HIDDEN_PARCEL)); } // Checked: 2010-12-08 (RLVa-1.2.2c) | Modified: RLVa-1.2.2c @@ -392,7 +398,7 @@ void RlvUtil::filterNames(std::string& strUTF8Text, bool fFilterLegacy) LLAvatarName avName; if (LLAvatarNameCache::get(idAgents[idxAgent], &avName)) { - const std::string& strDisplayName = avName.mDisplayName; + const std::string& strDisplayName = escape_for_regex(avName.mDisplayName); bool fFilterDisplay = (strDisplayName.length() > 2); const std::string& strLegacyName = avName.getLegacyName(); fFilterLegacy &= (strLegacyName.length() > 2);