qf/quakeforge
0
0
Fork 0
mirror of https://git.code.sf.net/p/quake/quakeforge synced 2024-11-10 15:22:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

rework contains_updir to allow a specified number of ..s. QFS_FOpenFile now

Browse source 
allows one .. in the path (won't be able to find any files in a pak file
and is horribly inefficient, but oh well)
This commit is contained in:
Bill Currie 2004-04-14 02:15:14 +00:00
parent 1bf13a27b9
commit 31b867a08e
1 changed files with 14 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
libs/util/quakefs.c
View file

@ -728,11 +728,19 @@ QFS_CompressPath (const char *pth)
Assumes canonical (compressed) path.
*/
static inline int
contains_updir (const char *path)
contains_updir (const char *path, int levels)
{
if (path[0] == '.' && path[1] == '.'
&& (path [2] == '/' || path[2] == 0))
return 1;
do {
if (path[0] != '.' || path[1] != '.'
|| (path[2] != '/' && path[2] != 0))
return 0;
if (!path[2])
break;
// first part of path is ../
if (levels <= 0)
return 1;
path += 3;
} while (levels-- > 0);
return 0;
}
@ -809,7 +817,7 @@ _QFS_FOpenFile (const char *filename, QFile **gzfile,
// make sure they're not trying to do weird stuff with our private files
path = QFS_CompressPath (filename);
if (contains_updir(path)) {
if (contains_updir(path, 1)) {
Sys_DPrintf ("FindFile: %s: attempt to escape directory tree!\n", path);
goto error;
}
@ -1317,7 +1325,7 @@ QFS_Open (const char *path, const char *mode)
int write = 0;
cpath = QFS_CompressPath (path);
if (contains_updir (cpath)) {
if (contains_updir (cpath, 0)) {
errno = EACCES;
file = 0;
} else {