From f3ac82e11249501fffa3337dca92d3b83bbffe33 Mon Sep 17 00:00:00 2001 From: Christoph Oelckers Date: Wed, 13 Dec 2017 22:14:30 +0100 Subject: [PATCH 1/6] - do not allow outside access to the variable storing the CCMD for OptionMenuItemCommand. This can be abused to execute atbitrary commands from inside script code. --- wadsrc/static/zscript/menu/optionmenuitems.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wadsrc/static/zscript/menu/optionmenuitems.txt b/wadsrc/static/zscript/menu/optionmenuitems.txt index f08dca713..3405ae549 100644 --- a/wadsrc/static/zscript/menu/optionmenuitems.txt +++ b/wadsrc/static/zscript/menu/optionmenuitems.txt @@ -126,9 +126,12 @@ class OptionMenuItemSubmenu : OptionMenuItem class OptionMenuItemCommand : OptionMenuItemSubmenu { + private String ccmd; // do not allow access to this from the outside. + OptionMenuItemCommand Init(String label, Name command, bool centered = false) { Super.Init(label, command, 0, centered); + ccmd = command; return self; } @@ -146,7 +149,7 @@ class OptionMenuItemCommand : OptionMenuItemSubmenu if (m.GetItem(mAction) != self) return false; } Menu.MenuSound("menu/choose"); - DoCommand(mAction); + DoCommand(ccmd); return true; } From de12902d77642c65e56679201fa8c3b45054177f Mon Sep 17 00:00:00 2001 From: "alexey.lysiuk" Date: Thu, 14 Dec 2017 16:17:55 +0200 Subject: [PATCH 2/6] Increased limit for automap empty space margin to 90% https://forum.zdoom.org/viewtopic.php?t=58653 --- src/am_map.cpp | 4 ++-- wadsrc/static/menudef.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/am_map.cpp b/src/am_map.cpp index 5ab41cd09..540461441 100644 --- a/src/am_map.cpp +++ b/src/am_map.cpp @@ -104,9 +104,9 @@ CUSTOM_CVAR (Int, am_emptyspacemargin, 0, CVAR_ARCHIVE) { self = 0; } - else if (self > 50) + else if (self > 90) { - self = 50; + self = 90; } AM_NewResolution(); diff --git a/wadsrc/static/menudef.txt b/wadsrc/static/menudef.txt index 9574608f3..faf57c054 100644 --- a/wadsrc/static/menudef.txt +++ b/wadsrc/static/menudef.txt @@ -1091,7 +1091,7 @@ OptionMenu AutomapOptions protected Option "$AUTOMAPMNU_TEXTURED", "am_textured", "OnOff" Option "$AUTOMAPMNU_FOLLOW", "am_followplayer", "OnOff" Option "$AUTOMAPMNU_PTOVERLAY", "am_portaloverlay", "OnOff" - Slider "$AUTOMAPMNU_EMPTYSPACEMARGIN", "am_emptyspacemargin", 0, 50, 5, 0 + Slider "$AUTOMAPMNU_EMPTYSPACEMARGIN", "am_emptyspacemargin", 0, 90, 5, 0 StaticText " " Option "$AUTOMAPMNU_SHOWITEMS", "am_showitems", "OnOff" Option "$AUTOMAPMNU_SHOWMONSTERS", "am_showmonsters", "OnOff" From f77ba14948e4d405b8e5fffe6412b6f3828420d8 Mon Sep 17 00:00:00 2001 From: Rachael Alexanderson Date: Thu, 14 Dec 2017 15:51:24 -0500 Subject: [PATCH 3/6] - use a whitelist for DoCommand zscript command --- src/c_dispatch.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/c_dispatch.cpp b/src/c_dispatch.cpp index 996872a66..4e3f027f0 100644 --- a/src/c_dispatch.cpp +++ b/src/c_dispatch.cpp @@ -664,13 +664,29 @@ void C_DoCommand (const char *cmd, int keynum) } } +#define ZS_SAFE_COMMAND(ccmd) if (stricmp(cmd, #ccmd) == 0) return true; + +bool C_ZSIsSafe(FString cmd) +{ + ZS_SAFE_COMMAND(snd_reset) + ZS_SAFE_COMMAND(reset2defaults) + ZS_SAFE_COMMAND(menuconsole) + ZS_SAFE_COMMAND(clearnodecache) + ZS_SAFE_COMMAND(am_restorecolors) + + return false; +} + // This is only accessible to the special menu item to run CCMDs. DEFINE_ACTION_FUNCTION(DOptionMenuItemCommand, DoCommand) { if (CurrentMenu == nullptr) return 0; PARAM_PROLOGUE; PARAM_STRING(cmd); - C_DoCommand(cmd); + if (C_ZSIsSafe(cmd)) + C_DoCommand(cmd); + else + Printf("Script attempted to call unsafe command '%s'\n", cmd); return 0; } From dee5d064e977acb236f61582b945aa806b89e8c3 Mon Sep 17 00:00:00 2001 From: Rachael Alexanderson Date: Thu, 14 Dec 2017 16:39:33 -0500 Subject: [PATCH 4/6] - revise last script a bit: allow certain cheats/scripts/events to be called from the menu. --- src/c_dispatch.cpp | 56 +++++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/src/c_dispatch.cpp b/src/c_dispatch.cpp index 4e3f027f0..1bca9051b 100644 --- a/src/c_dispatch.cpp +++ b/src/c_dispatch.cpp @@ -126,7 +126,7 @@ FButtonStatus Button_Mlook, Button_Klook, Button_Use, Button_AltAttack, Button_AM_PanLeft, Button_AM_PanRight, Button_AM_PanDown, Button_AM_PanUp, Button_AM_ZoomIn, Button_AM_ZoomOut; -bool ParsingKeyConf; +bool ParsingKeyConf, ParsingMenuDef = false; // To add new actions, go to the console and type "key ". // This will give you the key value to use in the first column. Then @@ -187,6 +187,21 @@ static const char *KeyConfCommands[] = "clearplayerclasses" }; +static const char *MenuDefCommands[] = +{ + "snd_reset", + "reset2defaults", + "menuconsole", + "clearnodecache", + "am_restorecolors", + "special", + "puke", + "fpuke", + "pukename", + "event", + "netevent" +}; + // CODE -------------------------------------------------------------------- IMPLEMENT_CLASS(DWaitingCommand, false, false) @@ -584,6 +599,25 @@ void C_DoCommand (const char *cmd, int keynum) } } + if (ParsingMenuDef) + { + int i; + + for (i = countof(MenuDefCommands)-1; i >= 0; --i) + { + if (strnicmp (beg, MenuDefCommands[i], len) == 0 && + MenuDefCommands[i][len] == 0) + { + break; + } + } + if (i < 0) + { + Printf ("Invalid command for MENUDEF/ZScript: %s\n", beg); + return; + } + } + // Check if this is an action if (*beg == '+' || *beg == '-') { @@ -664,29 +698,15 @@ void C_DoCommand (const char *cmd, int keynum) } } -#define ZS_SAFE_COMMAND(ccmd) if (stricmp(cmd, #ccmd) == 0) return true; - -bool C_ZSIsSafe(FString cmd) -{ - ZS_SAFE_COMMAND(snd_reset) - ZS_SAFE_COMMAND(reset2defaults) - ZS_SAFE_COMMAND(menuconsole) - ZS_SAFE_COMMAND(clearnodecache) - ZS_SAFE_COMMAND(am_restorecolors) - - return false; -} - // This is only accessible to the special menu item to run CCMDs. DEFINE_ACTION_FUNCTION(DOptionMenuItemCommand, DoCommand) { if (CurrentMenu == nullptr) return 0; PARAM_PROLOGUE; PARAM_STRING(cmd); - if (C_ZSIsSafe(cmd)) - C_DoCommand(cmd); - else - Printf("Script attempted to call unsafe command '%s'\n", cmd); + ParsingMenuDef = true; + C_DoCommand(cmd); + ParsingMenuDef = false; return 0; } From 31f2bb5218d75668f3d21f110a3b07286e3c40f5 Mon Sep 17 00:00:00 2001 From: "alexey.lysiuk" Date: Fri, 15 Dec 2017 10:17:43 +0200 Subject: [PATCH 5/6] Extended workaround for bug in VS2017 compiler to 32-bit build game-music-emu\gme\fir_resampler.cpp(32): fatal error C1001: An internal error has occurred in the compiler. --- game-music-emu/gme/Fir_Resampler.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/game-music-emu/gme/Fir_Resampler.cpp b/game-music-emu/gme/Fir_Resampler.cpp index 355b95914..a311895a2 100644 --- a/game-music-emu/gme/Fir_Resampler.cpp +++ b/game-music-emu/gme/Fir_Resampler.cpp @@ -23,9 +23,9 @@ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #undef PI #define PI 3.1415926535897932384626433832795029 -#if _MSC_VER >= 1911 && defined _M_X64 +#if _MSC_VER >= 1911 #pragma float_control(precise, on, push) -#endif // _MSC_VER >= 1911 && _M_X64 +#endif // _MSC_VER >= 1911 static void gen_sinc( double rolloff, int width, double offset, double spacing, double scale, int count, short* out ) @@ -56,9 +56,9 @@ static void gen_sinc( double rolloff, int width, double offset, double spacing, } } -#if _MSC_VER >= 1911 && defined _M_X64 +#if _MSC_VER >= 1911 #pragma float_control(pop) -#endif // _MSC_VER >= 1911 && _M_X64 +#endif // _MSC_VER >= 1911 Fir_Resampler_::Fir_Resampler_( int width, sample_t* impulses_ ) : width_( width ), From c387574c020b50698c2b2c957fccb503ab8ed80b Mon Sep 17 00:00:00 2001 From: "alexey.lysiuk" Date: Fri, 15 Dec 2017 12:34:56 +0200 Subject: [PATCH 6/6] Stop demo recording after ending game with menu_endgame CCMD https://forum.zdoom.org/viewtopic.php?t=58735 --- src/menu/messagebox.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/menu/messagebox.cpp b/src/menu/messagebox.cpp index 3531cf2f6..bf5f4410f 100644 --- a/src/menu/messagebox.cpp +++ b/src/menu/messagebox.cpp @@ -139,6 +139,7 @@ void ActivateEndGameMenu() M_ClearMenus(); if (!netgame) { + G_CheckDemoStatus(); D_StartTitle(); } });