added checking for invalid/malicious filenames in network protocol

author Holger Schemel <info@artsoft.org>

Fri, 31 Aug 2018 06:13:05 +0000 (08:13 +0200)

committer Holger Schemel <info@artsoft.org>

Fri, 31 Aug 2018 06:13:05 +0000 (08:13 +0200)
author Holger Schemel <info@artsoft.org>
Fri, 31 Aug 2018 06:13:05 +0000 (08:13 +0200)
committer Holger Schemel <info@artsoft.org>
Fri, 31 Aug 2018 06:13:05 +0000 (08:13 +0200)
diff --git a/src/network.c b/src/network.c

index bf12567b4bbc5836fa0b5502a96cfd3dbd5dfb5e..d0c156198408b3af688b3f106119b9a9280af3b0 100644 (file)
--- a/src/network.c
+++ b/src/network.c
@@ -182,6 +182,11 @@ char *getNetworkPlayerName(int player_nr)
    return(EMPTY_PLAYER_NAME);
  }
  
    return(EMPTY_PLAYER_NAME);
  }
  
+static boolean hasPathSeparator(char *s)
+{
+  return (strchr(s, '/') != NULL);
+}
+
  static void StartNetworkServer(int port)
  {
    static int p;
  static void StartNetworkServer(int port)
  {
    static int p;
@@ -827,6 +832,9 @@ static void Handle_OP_LEVEL_FILE()
  
    leveldir_identifier = getStringCopy(getNetworkBufferString(read_buffer));
  
  
    leveldir_identifier = getStringCopy(getNetworkBufferString(read_buffer));
  
+  if (hasPathSeparator(leveldir_identifier))
+    Error(ERR_EXIT, "protocol error: invalid filename from network client");
+
    InitNetworkLevelDirectory(leveldir_identifier);
  
    network_level_dir   = getNetworkLevelDir(leveldir_identifier);
    InitNetworkLevelDirectory(leveldir_identifier);
  
    network_level_dir   = getNetworkLevelDir(leveldir_identifier);
@@ -837,6 +845,9 @@ static void Handle_OP_LEVEL_FILE()
    file_info->basename = getStringCopy(getNetworkBufferString(read_buffer));
    file_info->filename = getPath2(network_level_dir, file_info->basename);
  
    file_info->basename = getStringCopy(getNetworkBufferString(read_buffer));
    file_info->filename = getPath2(network_level_dir, file_info->basename);
  
+  if (hasPathSeparator(file_info->basename))
+    Error(ERR_EXIT, "protocol error: invalid filename from network client");
+
    getNetworkBufferFile(read_buffer, file_info->filename);
  
    use_custom_template = getNetworkBuffer8BitInteger(read_buffer);
    getNetworkBufferFile(read_buffer, file_info->filename);
  
    use_custom_template = getNetworkBuffer8BitInteger(read_buffer);
@@ -847,6 +858,9 @@ static void Handle_OP_LEVEL_FILE()
      tmpl_info->basename = getStringCopy(getNetworkBufferString(read_buffer));
      tmpl_info->filename = getPath2(network_level_dir, tmpl_info->basename);
  
      tmpl_info->basename = getStringCopy(getNetworkBufferString(read_buffer));
      tmpl_info->filename = getPath2(network_level_dir, tmpl_info->basename);
  
+    if (hasPathSeparator(tmpl_info->basename))
+      Error(ERR_EXIT, "protocol error: invalid filename from network client");
+
      getNetworkBufferFile(read_buffer, tmpl_info->filename);
    }
  
      getNetworkBufferFile(read_buffer, tmpl_info->filename);
    }
author	Holger Schemel <info@artsoft.org>
	Fri, 31 Aug 2018 06:13:05 +0000 (08:13 +0200)
committer	Holger Schemel <info@artsoft.org>
	Fri, 31 Aug 2018 06:13:05 +0000 (08:13 +0200)