Jailed link paths to gamedir, fixing known exploit:

rcon link /etc owned download owned/sensitivefile
2025-03-29 22:01:21 +00:00 · 2006-01-14 14:42:48 +00:00 · 2006-01-14 14:42:48 +00:00 · e1326ba6f7
commit e1326ba6f7
parent cdc2e36cf7
1 changed files with 9 additions and 0 deletions
--- a/src/files.c
+++ b/src/files.c
@ -719,12 +719,21 @@ Creates a filelink_t
 */
 void FS_Link_f(void){
 	filelink_t	*l, **prev;
+	char *from;
 	
 	if(Cmd_Argc() != 3){
 		Com_Printf("USAGE: link <from> <to>\n");
 		return;
 	}
 	
+	from = Cmd_Argv(1);
+	
+	// jail link sources to gamedir
+	if(strstr(from, "..") || *from == '/' || *from == '.'){
+		Com_Printf("Illegal path name %s\n", from);
+		return;
+	}
+	
 	// see if the link already exists
 	prev = &fs_links;
 	for(l = fs_links; l; l = l->next){