Skip to content
Snippets Groups Projects
Commit ed61911e authored by wolfs's avatar wolfs Committed by Luna
Browse files

Block possible methods of accessing folders outside of SRB2

parent 0253d6b3
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 8 additions and 1 deletion
src/blua/liolib.c
+ 8
1
View file @ ed61911e
...@@ -153,6 +153,12 @@ static int io_tostring (lua_State *L) { ...@@ -153,6 +153,12 @@ static int io_tostring (lua_State *L) {
return 1; return 1;
} }
static int StartsWith(const char *a, const char *b) // this is wolfs being lazy yet again
{
if(strncmp(a, b, strlen(b)) == 0) return 1;
return 0;
}
static int io_open (lua_State *L) { static int io_open (lua_State *L) {
const char *filename = luaL_checkstring(L, 1); const char *filename = luaL_checkstring(L, 1);
...@@ -166,7 +172,8 @@ static int io_open (lua_State *L) { ...@@ -166,7 +172,8 @@ static int io_open (lua_State *L) {
break; break;
} }
} }
if (strstr(filename, "../") || strstr(filename, "..\\") || !pass) if (strstr(filename, "..") || strchr(filename, ':') || StartsWith(filename, "\\")
|| StartsWith(filename, "/") || !pass)
{ {
luaL_error(L,"access denied to %s", filename); luaL_error(L,"access denied to %s", filename);
return pushresult(L,0,filename); return pushresult(L,0,filename);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment