stjr/Kart-Public
0
0
Fork 0
mirror of https://git.do.srb2.org/KartKrew/Kart-Public.git synced 2024-12-27 21:01:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Block possible methods of accessing folders outside of SRB2

Browse source
This commit is contained in:
wolfy852 2016-01-20 21:31:00 -06:00
parent 569f7d15d1
commit de03db99e7
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/blua/liolib.c
View file

@ -153,6 +153,12 @@ static int io_tostring (lua_State *L) {
return 1;
}
static int StartsWith(const char *a, const char *b) // this is wolfs being lazy yet again
{
if(strncmp(a, b, strlen(b)) == 0) return 1;
return 0;
}
static int io_open (lua_State *L) {
const char *filename = luaL_checkstring(L, 1);
@ -166,7 +172,8 @@ static int io_open (lua_State *L) {
break;
}
}
if (strstr(filename, "../") || strstr(filename, "..\\") || !pass)
if (strstr(filename, "..") || strchr(filename, ':') || StartsWith(filename, "\\")
|| StartsWith(filename, "/") || !pass)
{
luaL_error(L,"access denied to %s", filename);
return pushresult(L,0,filename);