projects
/
rocksndiamonds.git
/ commitdiff
| side by side (parent:
b7fe72d
)
added checking for invalid/malicious filenames in network protocol
author
Holger Schemel
<info@artsoft.org>
Fri, 31 Aug 2018 06:13:05 +0000
(08:13 +0200)
committer
Holger Schemel
<info@artsoft.org>
Fri, 31 Aug 2018 06:13:05 +0000
(08:13 +0200)
src/network.c
diff --git
a/src/network.c
b/src/network.c
index bf12567b4bbc5836fa0b5502a96cfd3dbd5dfb5e..d0c156198408b3af688b3f106119b9a9280af3b0 100644
(file)
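--- a/src/network.c
+++ b/src/network.c
@@ -182,6 +182,11 @@ char *getNetworkPlayerName(int player_nr)
 return(EMPTY_PLAYER_NAME);
 }
+static boolean hasPathSeparator(char *s)
+{
+ return (strchr(s, '/') != NULL);
+}
+
 static void StartNetworkServer(int port)
 {
 static int p;
@@ -827,6 +832,9 @@ static void Handle_OP_LEVEL_FILE()
 leveldir_identifier = getStringCopy(getNetworkBufferString(read_buffer));
+ if (hasPathSeparator(leveldir_identifier))
+ Error(ERR_EXIT, "protocol error: invalid filename from network client");
+
 InitNetworkLevelDirectory(leveldir_identifier);
 network_level_dir = getNetworkLevelDir(leveldir_identifier);
@@ -837,6 +845,9 @@ static void Handle_OP_LEVEL_FILE()
 file_info->basename = getStringCopy(getNetworkBufferString(read_buffer));
 file_info->filename = getPath2(network_level_dir, file_info->basename);
+ if (hasPathSeparator(file_info->basename))
+ Error(ERR_EXIT, "protocol error: invalid filename from network client");
+
 getNetworkBufferFile(read_buffer, file_info->filename);
 use_custom_template = getNetworkBuffer8BitInteger(read_buffer);
@@ -847,6 +858,9 @@ static void Handle_OP_LEVEL_FILE()
 tmpl_info->basename = getStringCopy(getNetworkBufferString(read_buffer));
 tmpl_info->filename = getPath2(network_level_dir, tmpl_info->basename);
+ if (hasPathSeparator(tmpl_info->basename))
+ Error(ERR_EXIT, "protocol error: invalid filename from network client");
+
 getNetworkBufferFile(read_buffer, tmpl_info->filename);
 }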
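Review bot: hasPathSeparator() rejects only '/', so a name of `..`, `.` or the empty string passes all three checks in Handle_OP_LEVEL_FILE, and on a Windows build a backslash would pass as well. For leveldir_identifier in particular, `..` would presumably let getNetworkLevelDir() resolve outside the intended directory before getNetworkBufferFile() writes there; this is inferred, since those helpers are not visible in the hunks. Consider widening the test to `return (*s == '\0' || strpbrk(s, "/\\") != NULL || strcmp(s, ".") == 0 || strcmp(s, "..") == 0);`, renaming the helper to match (for example `isInvalidNetworkFilename`), and adding a one-line comment that these strings come from the network peer and are used to build write paths. Handle_OP_LEVEL_FILE starts outside the hunks shown, so whether any of the three strings can be NULL when the check runs cannot be confirmed from here.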