From 05858d30e8934cb14aac7d343c8328ae070bb039 Mon Sep 17 00:00:00 2001 From: Zack Middleton Date: Wed, 24 May 2017 09:17:39 -0500 Subject: [PATCH] Don't load libraries with non-standard file extensions Also don't allow writting files ending in a library extension such as ".so.0" or ".dylib.0". --- code/client/snd_openal.c | 6 ------ code/qcommon/files.c | 2 +- code/qcommon/qcommon.h | 2 ++ code/sys/sys_main.c | 13 +++++++++---- code/sys/sys_unix.c | 41 ++++++++++++++++++++++++++++++++++++++++ code/sys/sys_win32.c | 11 +++++++++++ 6 files changed, 64 insertions(+), 11 deletions(-) diff --git a/code/client/snd_openal.c b/code/client/snd_openal.c index 319ea371..dc1d817d 100644 --- a/code/client/snd_openal.c +++ b/code/client/snd_openal.c @@ -2517,12 +2517,6 @@ qboolean S_AL_Init( soundInterface_t *si ) s_alInputDevice = Cvar_Get( "s_alInputDevice", "", CVAR_ARCHIVE | CVAR_LATCH ); s_alDevice = Cvar_Get("s_alDevice", "", CVAR_ARCHIVE | CVAR_LATCH); - if ( COM_CompareExtension( s_alDriver->string, ".pk3" ) ) - { - Com_Printf( "Rejecting DLL named \"%s\"", s_alDriver->string ); - return qfalse; - } - // Load QAL if( !QAL_Init( s_alDriver->string ) ) { diff --git a/code/qcommon/files.c b/code/qcommon/files.c index e5a7e898..767f967b 100644 --- a/code/qcommon/files.c +++ b/code/qcommon/files.c @@ -566,7 +566,7 @@ static void FS_CheckFilenameIsMutable( const char *filename, const char *function ) { // Check if the filename ends with the library, QVM, or pk3 extension - if( COM_CompareExtension( filename, DLL_EXT ) + if( Sys_DllExtension( filename ) || COM_CompareExtension( filename, ".qvm" ) || COM_CompareExtension( filename, ".pk3" ) ) { diff --git a/code/qcommon/qcommon.h b/code/qcommon/qcommon.h index 996c3106..a73a03cc 100644 --- a/code/qcommon/qcommon.h +++ b/code/qcommon/qcommon.h @@ -1072,6 +1072,8 @@ void * QDECL Sys_LoadGameDll( const char *name, intptr_t (QDECL **entryPoint)(in intptr_t (QDECL *systemcalls)(intptr_t, ...) ); void Sys_UnloadDll( void *dllHandle ); +qboolean Sys_DllExtension( const char *name ); + char *Sys_GetCurrentUser( void ); void QDECL Sys_Error( const char *error, ...) __attribute__ ((noreturn, format (printf, 1, 2))); diff --git a/code/sys/sys_main.c b/code/sys/sys_main.c index 6d7fe7bf..1e8a8a1d 100644 --- a/code/sys/sys_main.c +++ b/code/sys/sys_main.c @@ -499,11 +499,10 @@ from executable path, then fs_basepath. void *Sys_LoadDll(const char *name, qboolean useSystemLib) { void *dllhandle; - - // Don't load any DLLs that end with the pk3 extension - if (COM_CompareExtension(name, ".pk3")) + + if(!Sys_DllExtension(name)) { - Com_Printf("Rejecting DLL named \"%s\"", name); + Com_Printf("Refusing to attempt to load library \"%s\": Extension not allowed.\n", name); return NULL; } @@ -561,6 +560,12 @@ void *Sys_LoadGameDll(const char *name, assert(name); + if(!Sys_DllExtension(name)) + { + Com_Printf("Refusing to attempt to load library \"%s\": Extension not allowed.\n", name); + return NULL; + } + Com_Printf( "Loading DLL file: %s\n", name); libHandle = Sys_LoadLibrary(name); diff --git a/code/sys/sys_unix.c b/code/sys/sys_unix.c index b6f33b1f..44d7492f 100644 --- a/code/sys/sys_unix.c +++ b/code/sys/sys_unix.c @@ -912,3 +912,44 @@ qboolean Sys_PIDIsRunning( int pid ) { return kill( pid, 0 ) == 0; } + +/* +================= +Sys_DllExtension + +Check if filename should be allowed to be loaded as a DLL. +================= +*/ +qboolean Sys_DllExtension( const char *name ) { + const char *p; + char c = 0; + + if ( COM_CompareExtension( name, DLL_EXT ) ) { + return qtrue; + } + + // Check for format of filename.so.1.2.3 + p = strstr( name, DLL_EXT "." ); + + if ( p ) { + p += strlen( DLL_EXT ); + + // Check if .so is only followed for periods and numbers. + while ( *p ) { + c = *p; + + if ( !isdigit( c ) && c != '.' ) { + return qfalse; + } + + p++; + } + + // Don't allow filename to end in a period. file.so., file.so.0., etc + if ( c != '.' ) { + return qtrue; + } + } + + return qfalse; +} diff --git a/code/sys/sys_win32.c b/code/sys/sys_win32.c index 2b083ff9..6979dce9 100644 --- a/code/sys/sys_win32.c +++ b/code/sys/sys_win32.c @@ -842,3 +842,14 @@ qboolean Sys_PIDIsRunning( int pid ) return qfalse; } + +/* +================= +Sys_DllExtension + +Check if filename should be allowed to be loaded as a DLL. +================= +*/ +qboolean Sys_DllExtension( const char *name ) { + return COM_CompareExtension( name, DLL_EXT ); +}