From 2381bf69f6a5c6a559a0fb5d3d749f4a60672066 Mon Sep 17 00:00:00 2001
From: Jesusaves <cpntb1@ymail.com>
Date: Mon, 30 Aug 2021 14:09:15 -0300
Subject: Add minimal sanitizing rules to subprocess. While it is still
 vulnerable in overall, this should reduce attack surface.

---
 game/client.rpy | 4 ++--
 game/core.rpy   | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/game/client.rpy b/game/client.rpy
index cd23d52..3062b98 100644
--- a/game/client.rpy
+++ b/game/client.rpy
@@ -90,9 +90,9 @@ init 2 python:
 
             ## Launch your preferred game client, wait for it to finish
             if renpy.windows:
-                app=execute("\"%s\" %s%s" % (CMD, OPT, PWD), shell=True)
+                app=execute(san("\"%s\" %s%s" % (CMD, OPT, PWD)), shell=True)
             else:
-                app=execute("%s %s%s" % (CMD, OPT, PWD), shell=True)
+                app=execute(san("%s %s%s" % (CMD, OPT, PWD)), shell=True)
 
             ## Determine error messages
             if app == 7:
diff --git a/game/core.rpy b/game/core.rpy
index 723c283..14f22c9 100644
--- a/game/core.rpy
+++ b/game/core.rpy
@@ -46,6 +46,13 @@ init -3 python:
         del ct
         return rt
 
+    # Sanitize a command (strip some flow control chars)
+    # While it covers all control operators and most metacharacters,
+    # it doesn't covers well the reserved words.
+    # ...Of course, it relies on this client not being compromised.
+    def san(cmd):
+        return cmd.replace(";", "").replace("|", "").replace(">", "").replace("<", "").replace("&", "").replace("(", "").replace(")", "").replace("\n", "").replace("[[", "").replace("]]", "")
+
     # Smart Print command
     def stdout(message, bd=False):
         if config.developer:
-- 
cgit v1.2.3-70-g09d2