Unverified Commit 237ee464 authored by s1lent's avatar s1lent

SV_WriteId_f, DemoFile::StartRecording: Enforce certain extensions be used for...

SV_WriteId_f, DemoFile::StartRecording: Enforce certain extensions be used for files (*.dem, *.cfg) and prevent certain path characters from being used in commands
SV_CheckForDuplicateNames: revert checks (default behavior hlds)
parent 0ce0af7d
......@@ -253,6 +253,24 @@ bool DemoFile::StartRecording(char *newName)
Q_strlcpy(m_FileName, newName);
COM_DefaultExtension(m_FileName, ".dem");
if (m_FileName[0] == '/'
|| Q_strstr(m_FileName, ":")
|| Q_strstr(m_FileName, "..")
|| Q_strstr(m_FileName, "\\"))
{
m_System->Printf("WARNING! DemoFile::StartRecording: unable to open %s (contains illegal characters).\n", m_FileName);
return false;
}
const char *pszFileExt = COM_FileExtension(m_FileName);
if (Q_stricmp(pszFileExt, "dem") != 0)
{
m_System->Printf("WARNING! DemoFile::StartRecording: unable to open %s (wrong file extension, must be .dem).\n", m_FileName);
return false;
}
m_FileHandle = m_FileSystem->Open(m_FileName, "wb");
if (!m_FileHandle) {
m_System->Printf("WARNING! DemoFile::StartRecording: coudn't open demo file %s.\n", m_FileName);
......
......@@ -181,6 +181,62 @@ void COM_FileBase(char *in, char *out)
out[len] = '\0';
}
void COM_DefaultExtension(char *path, char *extension)
{
char *src;
src = path + Q_strlen(path) - 1;
while (*src != '/' && *src != '\\' && src != path)
{
if (*src == '.')
{
return;
}
src--;
}
Q_strcat(path, extension);
}
char *COM_FileExtension(char *in)
{
static char exten[MAX_PATH];
char *c, *d = nullptr;
int i;
// Search for the first dot after the last path separator
c = in;
while (*c)
{
if (*c == '/' || *c == '\\')
{
d = nullptr; // reset dot location on path separator
}
else if (d == nullptr && *c == '.')
{
d = c; // store first dot location in the file name
}
c++;
}
if (d == nullptr)
{
return "";
}
d++; // skip dot
// Copy extension
for (i = 0; i < (ARRAYSIZE(exten) - 1) && *d; i++, d++)
{
exten[i] = *d;
}
exten[i] = '\0';
return exten;
}
char com_token[COM_TOKEN_LEN];
qboolean s_com_token_unget = FALSE;
......
......@@ -34,6 +34,8 @@ char *COM_SkipPath(char *pathname);
char *COM_GetBaseDir();
void COM_FixSlashes(char *pname);
void COM_FileBase(char *in, char *out);
void COM_DefaultExtension(char *path, char *extension);
char *COM_FileExtension(char *in);
void COM_UngetToken();
char *COM_Parse(char *data);
char *COM_VarArgs(char *format, ...);
......
......@@ -494,7 +494,7 @@ int SV_FinishCertificateCheck_internal(netadr_t *adr, int nAuthProtocol, char *s
int SV_CheckKeyInfo(netadr_t *adr, char *protinfo, unsigned short *port, int *pAuthProtocol, char *pszRaw, char *cdkey);
int SV_CheckKeyInfo_internal(netadr_t *adr, char *protinfo, unsigned short *port, int *pAuthProtocol, char *pszRaw, char *cdkey);
int SV_CheckForDuplicateSteamID(client_t *client);
int SV_CheckForDuplicateNames(char *userinfo, qboolean bIsReconnecting, int nExcludeSlot);
qboolean SV_CheckForDuplicateNames(char *userinfo, qboolean bIsReconnecting, int nExcludeSlot);
int SV_CheckUserInfo(netadr_t *adr, char *userinfo, qboolean bIsReconnecting, int nReconnectSlot, char *name);
int SV_FindEmptySlot(netadr_t *adr, int *pslot, client_t ** ppClient);
void SV_ConnectClient(void);
......
......@@ -1985,13 +1985,21 @@ int SV_CheckForDuplicateSteamID(client_t *client)
return -1;
}
int SV_CheckForDuplicateNames(char *userinfo, qboolean bIsReconnecting, int nExcludeSlot)
qboolean SV_CheckForDuplicateNames(char *userinfo, qboolean bIsReconnecting, int nExcludeSlot)
{
int dupc = 0;
int changed = FALSE;
qboolean changed = FALSE;
const char *val = Info_ValueForKey(userinfo, "name");
#ifndef REHLDS_FIXES
if (!val || val[0] == '\0' || Q_strstr(val, "..") != NULL || Q_strstr(val, "\"") != NULL || Q_strstr(val, "\\") != NULL)
{
Info_SetValueForKey(userinfo, "name", "unnamed", MAX_INFO_STRING);
return TRUE;
}
#endif // REHLDS_FIXES
char rawname[MAX_NAME];
Q_strncpy(rawname, val, MAX_NAME - 1);
......@@ -2011,6 +2019,7 @@ int SV_CheckForDuplicateNames(char *userinfo, qboolean bIsReconnecting, int nExc
char newname[MAX_NAME];
Q_snprintf(newname, sizeof(newname), "(%d)%-0.*s", ++dupc, 28, rawname);
#ifdef REHLDS_FIXES
// Fix possibly incorrectly cut UTF8 chars
if (!Q_UnicodeValidate(newname))
......@@ -2018,6 +2027,7 @@ int SV_CheckForDuplicateNames(char *userinfo, qboolean bIsReconnecting, int nExc
Q_UnicodeRepair(newname);
}
#endif // REHLDS_FIXES
Info_SetValueForKey(userinfo, "name", newname, MAX_INFO_STRING);
val = Info_ValueForKey(userinfo, "name");
changed = TRUE;
......@@ -6816,8 +6826,26 @@ void SV_RemoveId_f(void)
void SV_WriteId_f(void)
{
if (bannedcfgfile.string[0] == '/' ||
Q_strstr(bannedcfgfile.string, ":") ||
Q_strstr(bannedcfgfile.string, "..") ||
Q_strstr(bannedcfgfile.string, "\\"))
{
Con_Printf("Couldn't open %s (contains illegal characters).\n", bannedcfgfile.string);
return;
}
char name[MAX_PATH];
Q_snprintf(name, MAX_PATH, "%s", bannedcfgfile.string);
Q_strlcpy(name, bannedcfgfile.string);
COM_DefaultExtension(name, ".cfg");
const char *pszFileExt = COM_FileExtension(name);
if (Q_stricmp(pszFileExt, "cfg") != 0)
{
Con_Printf("Couldn't open %s (wrong file extension, must be .cfg).\n", name);
return;
}
Con_Printf("Writing %s.\n", name);
FILE *f = FS_Open(name, "wt");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment