From 72d496fb243f622c9a582d593b0d51ec057acd37 Mon Sep 17 00:00:00 2001 From: Andrei Karas Date: Sun, 8 Jan 2012 20:41:48 +0300 Subject: Validate update host. --- src/client.cpp | 4 ++++ src/gui/logindialog.cpp | 12 ++++++++++-- src/main.cpp | 7 ++++++- src/net/ea/loginhandler.cpp | 5 +++++ src/net/manaserv/loginhandler.cpp | 9 +++++++++ src/utils/stringutils.cpp | 10 ++++++++++ src/utils/stringutils.h | 2 ++ 7 files changed, 46 insertions(+), 3 deletions(-) diff --git a/src/client.cpp b/src/client.cpp index 5d5ce3535..88fe8c443 100644 --- a/src/client.cpp +++ b/src/client.cpp @@ -1689,6 +1689,8 @@ void Client::initConfiguration() config.setValue("musicVolume", 60); config.setValue("fpslimit", 60); std::string defaultUpdateHost = branding.getValue("defaultUpdateHost", ""); + if (!checkPath(defaultUpdateHost)) + defaultUpdateHost = ""; config.setValue("updatehost", defaultUpdateHost); config.setValue("customcursor", true); config.setValue("useScreenshotDirectorySuffix", true); @@ -1741,6 +1743,8 @@ void Client::initUpdatesDir() // If updatesHost is currently empty, fill it from config file if (mUpdateHost.empty()) mUpdateHost = config.getStringValue("updatehost"); + if (!checkPath(mUpdateHost)) + return; // Don't go out of range int he next check if (mUpdateHost.length() < 2) diff --git a/src/gui/logindialog.cpp b/src/gui/logindialog.cpp index 719b86cb8..b1c80b102 100644 --- a/src/gui/logindialog.cpp +++ b/src/gui/logindialog.cpp @@ -184,8 +184,16 @@ void LoginDialog::action(const gcn::ActionEvent &event) serverConfig.setValue("customUpdateHost", mUpdateHostText->getText()); - mLoginData->updateHost = mUpdateHostText->getText(); - *mUpdateHost = mUpdateHostText->getText(); + if (checkPath(mUpdateHostText->getText())) + { + mLoginData->updateHost = mUpdateHostText->getText(); + *mUpdateHost = mUpdateHostText->getText(); + } + else + { + mLoginData->updateHost = ""; + *mUpdateHost = ""; + } } mLoginData->updateType = updateType; serverConfig.setValue("updateType", updateType); diff --git a/src/main.cpp b/src/main.cpp index 1988e5962..71794487c 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -33,6 +33,8 @@ #include #include +#include "utils/stringutils.h" + #ifdef __MINGW32__ #include #endif @@ -140,7 +142,10 @@ static void parseOptions(int argc, char *argv[], Client::Options &options) options.printHelp = true; break; case 'H': - options.updateHost = optarg; + if (checkPath(optarg)) + options.updateHost = optarg; + else + options.updateHost = ""; break; case 'c': options.character = optarg; diff --git a/src/net/ea/loginhandler.cpp b/src/net/ea/loginhandler.cpp index bbf19fb34..291a92906 100644 --- a/src/net/ea/loginhandler.cpp +++ b/src/net/ea/loginhandler.cpp @@ -150,6 +150,11 @@ void LoginHandler::processUpdateHost(Net::MessageIn &msg) len = msg.readInt16() - 4; mUpdateHost = msg.readString(len); + if (!checkPath(mUpdateHost)) + { + mUpdateHost = ""; + logger->log1("Warning: incorrect update server name"); + } loginData.updateHost = mUpdateHost; logger->log("Received update host \"%s\" from login server.", diff --git a/src/net/manaserv/loginhandler.cpp b/src/net/manaserv/loginhandler.cpp index f1cb8e352..8b8ac831f 100644 --- a/src/net/manaserv/loginhandler.cpp +++ b/src/net/manaserv/loginhandler.cpp @@ -341,9 +341,18 @@ void LoginHandler::readServerInfo(Net::MessageIn &msg) // Set the update host when included in the message const std::string updateHost = msg.readString(); if (!updateHost.empty()) + { + if (!checkPath(updateHost)) + { + logger->log1("Warning: incorrect update server name"); + updateHost = ""; + } mLoginData->updateHost = updateHost; + } else + { logger->log1("Warning: server does not have an update host set!"); + } // Read the client data folder for dynamic data loading. // This is only used by the QT client. diff --git a/src/utils/stringutils.cpp b/src/utils/stringutils.cpp index 642ba0df2..b855e3b04 100644 --- a/src/utils/stringutils.cpp +++ b/src/utils/stringutils.cpp @@ -612,3 +612,13 @@ std::string &removeProtocol(std::string &url) url = url.substr(i + 3); return url; } + +bool checkPath(std::string path) +{ + if (path.empty()) + return true; + return path.find("../") == std::string::npos + && path.find("..\\") == std::string::npos + && path.find("/..") == std::string::npos + && path.find("\\..") == std::string::npos; +} diff --git a/src/utils/stringutils.h b/src/utils/stringutils.h index 0913c7348..c6eb08a6c 100644 --- a/src/utils/stringutils.h +++ b/src/utils/stringutils.h @@ -206,4 +206,6 @@ bool findCutFirst(std::string &str1, std::string str2); std::string &removeProtocol(std::string &url); +bool checkPath(std::string path); + #endif // UTILS_STRINGUTILS_H -- cgit v1.2.3-70-g09d2