From fc3f0355a55bae7047fa41ce7a603cc1a94bd98f Mon Sep 17 00:00:00 2001 From: kaetemi Date: Fri, 4 Jun 2021 15:40:25 +0800 Subject: [PATCH] Remove web notification polling (remote code execution path) --- ryzom/client/client_default.cfg | 1 - ryzom/client/src/client_cfg.cpp | 2 - ryzom/client/src/client_cfg.h | 1 - .../src/interface_v3/group_html_webig.cpp | 193 ------------------ .../src/interface_v3/group_html_webig.h | 3 - .../src/interface_v3/interface_manager.cpp | 4 - 6 files changed, 204 deletions(-) diff --git a/ryzom/client/client_default.cfg b/ryzom/client/client_default.cfg index 82709677a..714ab7644 100644 --- a/ryzom/client/client_default.cfg +++ b/ryzom/client/client_default.cfg @@ -608,7 +608,6 @@ HelpPages = }; // interval in minutes for webig notify thread to run -WebIgNotifInterval = 0; WebIgMainDomain = "https://classic.ryzom.dev"; WebIgTrustedDomains = { "classic.ryzom.dev" diff --git a/ryzom/client/src/client_cfg.cpp b/ryzom/client/src/client_cfg.cpp index 51a0f7e78..a80084342 100644 --- a/ryzom/client/src/client_cfg.cpp +++ b/ryzom/client/src/client_cfg.cpp @@ -436,7 +436,6 @@ CClientConfig::CClientConfig() WebIgMainDomain = RYZOM_WEBIG_MAIN_URL; // https://open.ryzom.dev/" WebIgTrustedDomains.push_back(RYZOM_WEBIG_TRUSTED_DOMAIN); // open.ryzom.dev - WebIgNotifInterval = 10; // time in minutes CurlMaxConnections = 5; CurlCABundle.clear(); @@ -1115,7 +1114,6 @@ void CClientConfig::setValues() || ClientCfg.WebIgMainDomain.find("https://") == std::string::npos) ClientCfg.WebIgMainDomain = "http://" + ClientCfg.WebIgMainDomain; READ_STRINGVECTOR_FV(WebIgTrustedDomains); - READ_INT_FV(WebIgNotifInterval); READ_INT_FV(CurlMaxConnections); if (ClientCfg.CurlMaxConnections < 0) ClientCfg.CurlMaxConnections = 2; diff --git a/ryzom/client/src/client_cfg.h b/ryzom/client/src/client_cfg.h index 39af6baef..882a1ac81 100644 --- a/ryzom/client/src/client_cfg.h +++ b/ryzom/client/src/client_cfg.h @@ -323,7 +323,6 @@ struct CClientConfig std::string WebIgMainDomain; std::vector WebIgTrustedDomains; - uint WebIgNotifInterval; // value in minutes for notification thread sint32 CurlMaxConnections; string CurlCABundle; diff --git a/ryzom/client/src/interface_v3/group_html_webig.cpp b/ryzom/client/src/interface_v3/group_html_webig.cpp index 95ec3aa0e..3576f2fe2 100644 --- a/ryzom/client/src/interface_v3/group_html_webig.cpp +++ b/ryzom/client/src/interface_v3/group_html_webig.cpp @@ -159,199 +159,6 @@ size_t writeDataFromCurl(void *buffer, size_t size, size_t nmemb, void *pcl) return size*nmemb; } -class CWebigNotificationThread : public NLMISC::IRunnable -{ -private: - CURL *Curl; - bool _Running; - IThread *_Thread; - -public: - - CWebigNotificationThread() - { - _Running = false; - _Thread = NULL; - curl_global_init(CURL_GLOBAL_ALL); - - Curl = NULL; - //nlinfo("ctor CWebigNotificationThread"); - } - - void init() - { - if (Curl) - { - return; - } - - Curl = curl_easy_init(); - if(!Curl) return; - curl_easy_setopt(Curl, CURLOPT_COOKIEFILE, ""); - curl_easy_setopt(Curl, CURLOPT_NOPROGRESS, 1); - curl_easy_setopt(Curl, CURLOPT_USERAGENT, getUserAgent().c_str()); - curl_easy_setopt(Curl, CURLOPT_FOLLOWLOCATION, 1); - curl_easy_setopt(Curl, CURLOPT_WRITEFUNCTION, writeDataFromCurl); - - NLWEB::CCurlCertificates::useCertificates(Curl); - } - - ~CWebigNotificationThread() - { - if(Curl) - { - curl_easy_cleanup(Curl); - Curl = NULL; - } - if (_Thread) - { - _Thread->terminate(); - delete _Thread; - _Thread = NULL; - } - } - - void get(const std::string &url) - { - if(!Curl) return; - curlresult.clear(); - //nlinfo("get '%s'", url.c_str()); - curl_easy_setopt(Curl, CURLOPT_URL, url.c_str()); - CURLcode res = curl_easy_perform(Curl); - long r; - curl_easy_getinfo(Curl, CURLINFO_RESPONSE_CODE, &r); - //nlwarning("result : '%s'", curlresult.c_str()); - - char *ch; - std::string contentType; - res = curl_easy_getinfo(Curl, CURLINFO_CONTENT_TYPE, &ch); - if (res == CURLE_OK && ch != NULL) - { - contentType = ch; - } - - // "text/lua; charset=utf8" - if (contentType.find("text/lua") == 0) - { - std::string script; - script = "\nlocal __WEBIG_NOTIF__= true\n" + curlresult; - CInterfaceManager::getInstance()->queueLuaScript(script); - } - else - { - nlwarning("Invalid content-type '%s', expected 'text/lua'", contentType.c_str()); - } - } - - std::string randomString() - { - std::string chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - std::string s; - for (int i = 0; i < 32; i++) - { - s += chars[uint(frand(float(chars.size())))]; - } - return s; - } - - void run() - { - if (ClientCfg.WebIgNotifInterval == 0) - { - _Running = false; - nlwarning("ClientCfg.WebIgNotifInterval == 0, notification thread not running"); - return; - } - - std::string domain = ClientCfg.WebIgMainDomain; - uint32 ms = ClientCfg.WebIgNotifInterval*60*1000; - - _Running = true; - // first time, we wait a small amount of time to be sure everything is initialized - nlSleep(30*1000); - uint c = 0; - while (_Running) - { - string url = domain + "/index.php?app=notif&format=lua&rnd=" + randomString(); - addWebIGParams(url, true); - get(url); - - sleepLoop(ms); - } - } - - void sleepLoop(uint ms) - { - // use smaller sleep time so stopThread() will not block too long - // tick == 100ms - uint32 ticks = ms / 100; - while (_Running && ticks > 0) { - nlSleep(100); - ticks--; - } - } - - void startThread() - { - // initialize curl outside thread - init(); - - if (!_Thread) - { - _Thread = IThread::create(this); - nlassert(_Thread != NULL); - _Thread->start(); - nlwarning("WebIgNotification thread started"); - } - else - { - nlwarning("WebIgNotification thread already started"); - } - } - - void stopThread() - { - _Running = false; - if (_Thread) - { - _Thread->wait(); - delete _Thread; - _Thread = NULL; - nlwarning("WebIgNotification thread stopped"); - } - else - { - nlwarning("WebIgNotification thread already stopped"); - } - } - - bool isRunning() const - { - return _Running; - } -}; - -static CWebigNotificationThread webigThread; -void startWebIgNotificationThread() -{ - if (!webigThread.isRunning()) - { - webigThread.startThread(); - } -} - -void stopWebIgNotificationThread() -{ - if (webigThread.isRunning()) - { - webigThread.stopThread(); - } -} - -// *************************************************************************** -// *************************************************************************** - - // *************************************************************************** NLMISC_REGISTER_OBJECT(CViewBase, CGroupHTMLAuth, std::string, "auth_html"); diff --git a/ryzom/client/src/interface_v3/group_html_webig.h b/ryzom/client/src/interface_v3/group_html_webig.h index dfa7fcc3c..5374ee911 100644 --- a/ryzom/client/src/interface_v3/group_html_webig.h +++ b/ryzom/client/src/interface_v3/group_html_webig.h @@ -25,9 +25,6 @@ #include "nel/misc/types_nl.h" #include "nel/gui/group_html.h" -void startWebIgNotificationThread(); -void stopWebIgNotificationThread(); - /** * Auth HTML group */ diff --git a/ryzom/client/src/interface_v3/interface_manager.cpp b/ryzom/client/src/interface_v3/interface_manager.cpp index 5e8b940d2..ea41bc711 100644 --- a/ryzom/client/src/interface_v3/interface_manager.cpp +++ b/ryzom/client/src/interface_v3/interface_manager.cpp @@ -1071,8 +1071,6 @@ void CInterfaceManager::initInGame() { displaySystemInfo(CI18N::get("uiLogTurnedOff")); } - - startWebIgNotificationThread(); } // ------------------------------------------------------------------------------------------------ @@ -1326,8 +1324,6 @@ void CInterfaceManager::uninitInGame0 () // ------------------------------------------------------------------------------------------------ void CInterfaceManager::uninitInGame1 () { - stopWebIgNotificationThread(); - // release Bar Manager (HP, SAP etc... Bars) CBarManager::getInstance()->releaseInGame();