Restrict exec path to srb2 directories

src/command.c

@@ -34,6 +34,7 @@
 #include "lua_script.h"
 #include "d_netfil.h" // findfile
 #include "r_data.h" // Color_cons_t
+#include "d_main.h" // D_IsPathAllowed
 
 //========
 // protos.
@@ -770,6 +771,9 @@ static void COM_Exec_f(void)
 		return;
 	}
 
+	if (!D_CheckPathAllowed(COM_Argv(1), "tried to exec"))
+		return;
+
 	// load file
 	// Try with Argv passed verbatim first, for back compat
 	FIL_ReadFile(COM_Argv(1), &buf);

src/d_main.c

@@ -1760,3 +1760,14 @@ boolean D_IsPathAllowed(const char *path)
 
 	return true;
 }
+
+boolean D_CheckPathAllowed(const char *path, const char *why)
+{
+	if (!D_IsPathAllowed(path))
+	{
+		CONS_Alert(CONS_WARNING, "%s: %s, location is not allowed\n", why, path);
+		return false;
+	}
+
+	return true;
+}

src/d_main.h

@@ -45,6 +45,7 @@ void D_ProcessEvents(void);
 const char *D_Home(void);
 
 boolean D_IsPathAllowed(const char *path);
+boolean D_CheckPathAllowed(const char *path, const char *why);
 
 //
 // BASE LEVEL

src/m_misc.c

@@ -467,6 +467,7 @@ void Command_SaveConfig_f(void)
 		CONS_Printf(M_GetText("saveconfig <filename[.cfg]> [-silent] : save config to a file\n"));
 		return;
 	}
+
 	strcpy(tmpstr, COM_Argv(1));
 	FIL_ForceExtension(tmpstr, ".cfg");
 

src/p_setup.c

@@ -8059,25 +8059,14 @@ static boolean P_LoadAddon(UINT16 numlumps)
 	return true;
 }
 
-static boolean P_CheckAddonPath(const char *path)
-{
-	if (!D_IsPathAllowed(path))
-	{
-		CONS_Alert(CONS_WARNING, "%s: tried to add file, location is not allowed\n", path);
-		return false;
-	}
-
-	return true;
-}
-
 boolean P_AddWadFile(const char *wadfilename)
 {
-	return P_CheckAddonPath(wadfilename) &&
+	return D_CheckPathAllowed(wadfilename, "tried to add file") &&
 		P_LoadAddon(W_InitFile(wadfilename, false, false));
 }
 
 boolean P_AddFolder(const char *folderpath)
 {
-	return P_CheckAddonPath(folderpath) &&
+	return D_CheckPathAllowed(folderpath, "tried to add folder") &&
 		P_LoadAddon(W_InitFolder(folderpath, false, false));
 }