From 4cefb286f4a24ac28a5a846c7df777c8f9a89644 Mon Sep 17 00:00:00 2001 From: elexis Date: Sun, 27 May 2018 13:47:18 +0000 Subject: [PATCH] Prevent the lobby gamelist from breaking entirely if a gamestanza contains an empty or invalid mod version JSON string (refs eca956a513). Catch all JSON SyntaxError exceptions in JS (refs d7d0a7f869). The C++ ParseJSON function already catches exceptions and the resulting errors can't trigger a denial of service. Differential Revision: https://code.wildfiregames.com/D1479 Based on patch by: Imarok Reviewed by: Imarok Comments By: Itms This was SVN commit r21827. --- .../mods/public/gui/common/functions_utility.js | 13 ++++++++++--- binaries/data/mods/public/gui/lobby/lobby.js | 13 +++++++++++-- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/binaries/data/mods/public/gui/common/functions_utility.js b/binaries/data/mods/public/gui/common/functions_utility.js index aa212d26e2..6e9d05d30f 100644 --- a/binaries/data/mods/public/gui/common/functions_utility.js +++ b/binaries/data/mods/public/gui/common/functions_utility.js @@ -87,7 +87,13 @@ function playerDataToStringifiedTeamList(playerData) function stringifiedTeamListToPlayerData(stringifiedTeamList) { - let teamList = JSON.parse(unescapeText(stringifiedTeamList)); + let teamList = {}; + try + { + teamList = JSON.parse(unescapeText(stringifiedTeamList)); + } + catch (e) {} + let playerData = []; for (let team in teamList) @@ -171,12 +177,13 @@ function clearChatMessages() g_ChatMessages.length = 0; Engine.GetGUIObjectByName("chatText").caption = ""; - try { + try + { for (let timer of g_ChatTimers) clearTimeout(timer); g_ChatTimers.length = 0; - } catch (e) { } + catch (e) {} } /** diff --git a/binaries/data/mods/public/gui/lobby/lobby.js b/binaries/data/mods/public/gui/lobby/lobby.js index f80cfc8348..d5f5b808e9 100644 --- a/binaries/data/mods/public/gui/lobby/lobby.js +++ b/binaries/data/mods/public/gui/lobby/lobby.js @@ -1017,7 +1017,16 @@ function updateGameList() Math.round(playerRatings.reduce((sum, current) => sum + current) / playerRatings.length) : g_DefaultLobbyRating; - if (!hasSameMods(JSON.parse(game.mods), Engine.GetEngineInfo().mods)) + try + { + game.mods = JSON.parse(game.mods); + } + catch (e) + { + game.mods = []; + } + + if (!hasSameMods(game.mods, Engine.GetEngineInfo().mods)) game.state = "incompatible"; return game; @@ -1178,7 +1187,7 @@ function joinButton() messageBox( 400, 200, translate("Your active mods do not match the mods of this game.") + "\n\n" + - comparedModsString(JSON.parse(game.mods), Engine.GetEngineInfo().mods) + "\n\n" + + comparedModsString(game.mods, Engine.GetEngineInfo().mods) + "\n\n" + translate("Do you want to switch to the mod selection page?"), translate("Incompatible mods"), [translate("No"), translate("Yes")],