mirror of
https://github.com/UberGames/lilium-voyager.git
synced 2024-12-13 13:40:56 +00:00
Fix exploit to bypass filename restrictions on Windows
Windows API ignores all trailing spaces and periods which can get around Quake 3 file system restrictions. QVM opening 'uix86.dll.' actually opens 'uix86.dll' which allows QVM to write native code. This is done in the low-level Sys_FOpen() instead of the function directly used by VMs ( FS_FOpenFileByMode() ) in case there are engine commands now or in the future that can read or write arbitrary files. Reported by Noah Metzger (Chomenor).
This commit is contained in:
parent
acce0e5452
commit
df8f657f09
1 changed files with 8 additions and 0 deletions
|
@ -357,6 +357,14 @@ Sys_FOpen
|
|||
==============
|
||||
*/
|
||||
FILE *Sys_FOpen( const char *ospath, const char *mode ) {
|
||||
size_t length;
|
||||
|
||||
// Windows API ignores all trailing spaces and periods which can get around Quake 3 file system restrictions.
|
||||
length = strlen( ospath );
|
||||
if ( length == 0 || ospath[length-1] == ' ' || ospath[length-1] == '.' ) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return fopen( ospath, mode );
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue