From 76879299f98b2b91f9a7df661e17c137ff2f6598 Mon Sep 17 00:00:00 2001
From: James R <justsomejames2@gmail.com>
Date: Fri, 14 Oct 2022 22:10:24 -0700
Subject: [PATCH] Restrict exec path to srb2 directories

---
 src/command.c |  4 ++++
 src/d_main.c  | 11 +++++++++++
 src/d_main.h  |  1 +
 src/m_misc.c  |  1 +
 src/p_setup.c | 15 ++-------------
 5 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/command.c b/src/command.c
index dae4dc7b1..f8b587328 100644
--- a/src/command.c
+++ b/src/command.c
@@ -34,6 +34,7 @@
 #include "lua_script.h"
 #include "d_netfil.h" // findfile
 #include "r_data.h" // Color_cons_t
+#include "d_main.h" // D_IsPathAllowed
 
 //========
 // protos.
@@ -770,6 +771,9 @@ static void COM_Exec_f(void)
 		return;
 	}
 
+	if (!D_CheckPathAllowed(COM_Argv(1), "tried to exec"))
+		return;
+
 	// load file
 	// Try with Argv passed verbatim first, for back compat
 	FIL_ReadFile(COM_Argv(1), &buf);
diff --git a/src/d_main.c b/src/d_main.c
index 6e76672e0..5b102d623 100644
--- a/src/d_main.c
+++ b/src/d_main.c
@@ -1760,3 +1760,14 @@ boolean D_IsPathAllowed(const char *path)
 
 	return true;
 }
+
+boolean D_CheckPathAllowed(const char *path, const char *why)
+{
+	if (!D_IsPathAllowed(path))
+	{
+		CONS_Alert(CONS_WARNING, "%s: %s, location is not allowed\n", why, path);
+		return false;
+	}
+
+	return true;
+}
diff --git a/src/d_main.h b/src/d_main.h
index 7760351f3..cc06f5f61 100644
--- a/src/d_main.h
+++ b/src/d_main.h
@@ -45,6 +45,7 @@ void D_ProcessEvents(void);
 const char *D_Home(void);
 
 boolean D_IsPathAllowed(const char *path);
+boolean D_CheckPathAllowed(const char *path, const char *why);
 
 //
 // BASE LEVEL
diff --git a/src/m_misc.c b/src/m_misc.c
index 6c346e5a1..fca0474eb 100644
--- a/src/m_misc.c
+++ b/src/m_misc.c
@@ -467,6 +467,7 @@ void Command_SaveConfig_f(void)
 		CONS_Printf(M_GetText("saveconfig <filename[.cfg]> [-silent] : save config to a file\n"));
 		return;
 	}
+
 	strcpy(tmpstr, COM_Argv(1));
 	FIL_ForceExtension(tmpstr, ".cfg");
 
diff --git a/src/p_setup.c b/src/p_setup.c
index 132dc4259..45813e04d 100644
--- a/src/p_setup.c
+++ b/src/p_setup.c
@@ -8059,25 +8059,14 @@ static boolean P_LoadAddon(UINT16 numlumps)
 	return true;
 }
 
-static boolean P_CheckAddonPath(const char *path)
-{
-	if (!D_IsPathAllowed(path))
-	{
-		CONS_Alert(CONS_WARNING, "%s: tried to add file, location is not allowed\n", path);
-		return false;
-	}
-
-	return true;
-}
-
 boolean P_AddWadFile(const char *wadfilename)
 {
-	return P_CheckAddonPath(wadfilename) &&
+	return D_CheckPathAllowed(wadfilename, "tried to add file") &&
 		P_LoadAddon(W_InitFile(wadfilename, false, false));
 }
 
 boolean P_AddFolder(const char *folderpath)
 {
-	return P_CheckAddonPath(folderpath) &&
+	return D_CheckPathAllowed(folderpath, "tried to add folder") &&
 		P_LoadAddon(W_InitFolder(folderpath, false, false));
 }