piwalker/dolphin
1
0
Fork 0
mirror of https://github.com/dolphin-emu/dolphin.git synced 2025-07-29 17:19:44 -06:00
Code Issues Packages Projects Releases Wiki Activity

IOS HLE: Prevent accessing host file system

Browse Source
This commit is contained in:
JosJuice
2016-11-12 20:48:50 +01:00
parent a79c449493
commit 141f3bfb3a
3 changed files with 43 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_FileIO.cpp
View File

@ -8,6 +8,8 @@
#include "Common/CommonPaths.h"
#include "Common/CommonTypes.h"
#include "Common/FileUtil.h"
#include "Common/Logging/Log.h"
#include "Common/MsgHandler.h"
#include "Common/NandPaths.h"
#include "Common/StringUtil.h"
@ -23,8 +25,6 @@ static std::map<std::string, std::weak_ptr<File::IOFile>> openFiles;
// This is used by several of the FileIO and /dev/fs functions
std::string HLE_IPC_BuildFilename(std::string path_wii)
{
std::string path_full = File::GetUserPath(D_SESSION_WIIROOT_IDX);
// Replaces chars that FAT32 can't support with strings defined in /sys/replace
for (auto& replacement : replacements)
{
@ -32,9 +32,30 @@ std::string HLE_IPC_BuildFilename(std::string path_wii)
path_wii.replace(j, 1, replacement.second);
}
path_full += path_wii;
const std::string root_path = File::GetUserPath(D_SESSION_WIIROOT_IDX);
const std::string full_path = root_path + path_wii;
return path_full;
const std::string absolute_root_path = File::GetAbsolutePath(root_path);
const std::string absolute_full_path = File::GetAbsolutePath(full_path);
if (absolute_root_path.empty() || absolute_full_path.empty())
{
PanicAlert("IOS HLE: Couldn't get an absolute path; the root directory will be returned. "
"This will most likely lead to failures.");
return root_path;
}
if (path_wii.empty() || path_wii[0] != '/' ||
absolute_full_path.compare(0, absolute_root_path.size(), absolute_root_path) != 0)
{
// Prevent the emulated system from accessing files that aren't in the NAND directory.
// (Emulated software that tries to exploit Dolphin might access a path like "/../..".)
WARN_LOG(WII_IPC_FILEIO,
"The emulated software tried to access a file outside of the NAND directory: %s",
absolute_full_path.c_str());
return root_path;
}
return full_path;
}
void HLE_IPC_CreateVirtualFATFilesystem()