From 7edad0d601a7ae925cba850c5a23019f99be2a1e Mon Sep 17 00:00:00 2001 From: Peter Keresztes Schmidt Date: Sun, 16 Aug 2020 21:32:31 +0200 Subject: Core/ChatCommands: Do not parse partial strings for numeric paramters (PR #25259) Check if integral/floating point type arguments were parsed successfully. std::stoull will happily parse floating point strings until the decimal separator and return the value. Make sure for all parsing methods that we actually parsed the whole token. This allows to use handler arguments like Variant which will be populated with the right type depending on the token value (e.g "10" vs "10.0"). --- .../game/Chat/ChatCommands/ChatCommandArgs.h | 24 +++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/server/game/Chat/ChatCommands/ChatCommandArgs.h b/src/server/game/Chat/ChatCommands/ChatCommandArgs.h index 242b806446d..c9e0723fbf8 100644 --- a/src/server/game/Chat/ChatCommands/ChatCommandArgs.h +++ b/src/server/game/Chat/ChatCommands/ChatCommandArgs.h @@ -51,7 +51,13 @@ struct ArgInfo && std::is_signed_v> { char const* next = args; std::string token(args, tokenize(next)); - try { val = std::stoll(token); } + try + { + size_t processedChars = 0; + val = std::stoll(token, &processedChars, 0); + if (processedChars != token.length()) + return nullptr; + } catch (...) { return nullptr; } return next; } @@ -65,7 +71,13 @@ struct ArgInfo && std::is_unsigned_v>> { char const* next = args; std::string token(args, tokenize(next)); - try { val = std::stold(token); } + try + { + size_t processedChars = 0; + val = std::stold(token, &processedChars); + if (processedChars != token.length()) + return nullptr; + } catch (...) { return nullptr; } return std::isfinite(val) ? next : nullptr; } -- cgit v1.2.3