ubergames/lilium-voyager
0
0
Fork 0
mirror of https://github.com/UberGames/lilium-voyager.git synced 2024-12-13 05:31:29 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix exploit to bypass filename restrictions on Windows

Browse source 
Windows API ignores all trailing spaces and periods which can get around
Quake 3 file system restrictions. QVM opening 'uix86.dll.' actually
opens 'uix86.dll' which allows QVM to write native code.

This is done in the low-level Sys_FOpen() instead of the function
directly used by VMs ( FS_FOpenFileByMode() ) in case there are engine
commands now or in the future that can read or write arbitrary files.

Reported by Noah Metzger (Chomenor).
This commit is contained in:
Zack Middleton 2018-01-30 07:43:36 -06:00
parent acce0e5452
commit df8f657f09
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
code/sys/sys_win32.c
View file

@ -357,6 +357,14 @@ Sys_FOpen
============== ==============
*/ */
FILE *Sys_FOpen( const char *ospath, const char *mode ) { FILE *Sys_FOpen( const char *ospath, const char *mode ) {
size_t length;
// Windows API ignores all trailing spaces and periods which can get around Quake 3 file system restrictions.
length = strlen( ospath );
if ( length == 0 || ospath[length-1] == ' ' || ospath[length-1] == '.' ) {
return NULL;
}
return fopen( ospath, mode ); return fopen( ospath, mode );
} }