From 7ae273f5500d2f977e12b2585d37e411051aac95 Mon Sep 17 00:00:00 2001
From: Tixx <83774803+WiserTixx@users.noreply.github.com>
Date: Tue, 31 Mar 2026 23:47:46 +0200
Subject: [PATCH] Check hash with regex

---
 src/Startup.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/Startup.cpp b/src/Startup.cpp
index cbbeb22..ca90b29 100644
--- a/src/Startup.cpp
+++ b/src/Startup.cpp
@@ -335,6 +335,15 @@ void CheckForUpdates(const std::string& CV) {
     std::string LatestVersion = HTTP::Get(
         "https://backend.beammp.com/version/launcher?branch=" + Branch + "&pk=" + PublicKey);
 
+    std::regex sha256_pattern(R"(^[a-fA-F0-9]{64}$)");
+    std::smatch match;
+
+    if (LatestHash.length() != 64 || !std::regex_match(LatestHash, match, sha256_pattern)) {
+        error("Invalid hash from backend, skipping update check.");
+        debug("Launcher hash in question: " + LatestHash);
+        return;
+    }
+
     transform(LatestHash.begin(), LatestHash.end(), LatestHash.begin(), ::tolower);
     beammp_fs_string BP(GetBP() / GetEN()), Back(GetBP() / beammp_wide("BeamMP-Launcher.back"));
 
@@ -511,6 +520,15 @@ void PreGame(const beammp_fs_string& GamePath) {
                              [](auto const& c) -> bool { return !std::isalnum(c); }),
             LatestHash.end());
 
+        std::regex sha256_pattern(R"(^[a-fA-F0-9]{64}$)");
+        std::smatch match;
+
+        if (LatestHash.length() != 64 || !std::regex_match(LatestHash, match, sha256_pattern)) {
+            error("Invalid hash from backend, skipping mod update check.");
+            debug("Mod hash in question: " + LatestHash);
+            return;
+        }
+
         try {
             if (!fs::exists(GetGamePath() / beammp_wide("mods/multiplayer"))) {
                 fs::create_directories(GetGamePath() / beammp_wide("mods/multiplayer"));