Merge pull request #3185 from gavinandresen/reject

Reject p2p message
author: Gavin Andresen <[email protected]> 2013-11-10 17:11:39 -0800
committer: Gavin Andresen <[email protected]> 2013-11-10 17:11:39 -0800
commit: 16d5f2c5e0a7276fb2b09d8dd51b7bac2753c4cc (patch)
tree: e2abbe951c7b5533452ed8459c6bf7539c5caab7 /src/util.cpp
parent: Fix struct/class declaration mismatches (diff)
parent: Bump protocol version to 70002 (diff)
download: discoin-16d5f2c5e0a7276fb2b09d8dd51b7bac2753c4cc.tar.xz
discoin-16d5f2c5e0a7276fb2b09d8dd51b7bac2753c4cc.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/src/util.cpp b/src/util.cpp
index 9562cf310..5411bb2fe 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -475,6 +475,19 @@ bool ParseMoney(const char* pszIn, int64_t& nRet)
     return true;
 }
 
+// safeChars chosen to allow simple messages/URLs/email addresses, but avoid anything
+// even possibly remotely dangerous like & or >
+static string safeChars("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 .,;_/:?@");
+string SanitizeString(const string& str)
+{
+    string strResult;
+    for (std::string::size_type i = 0; i < str.size(); i++)
+    {
+        if (safeChars.find(str[i]) != std::string::npos)
+            strResult.push_back(str[i]);
+    }
+    return strResult;
+}
 
 const signed char p_util_hexdigit[256] =
 { -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
author	Gavin Andresen <[email protected]>	2013-11-10 17:11:39 -0800
committer	Gavin Andresen <[email protected]>	2013-11-10 17:11:39 -0800
commit	16d5f2c5e0a7276fb2b09d8dd51b7bac2753c4cc (patch)
tree	e2abbe951c7b5533452ed8459c6bf7539c5caab7 /src/util.cpp
parent	Fix struct/class declaration mismatches (diff)
parent	Bump protocol version to 70002 (diff)
download	discoin-16d5f2c5e0a7276fb2b09d8dd51b7bac2753c4cc.tar.xz discoin-16d5f2c5e0a7276fb2b09d8dd51b7bac2753c4cc.zip