Merge pull request #4472 from JosJuice/revert-absolute-path

IOS HLE: Replace broken path traversal prevention

Source/Core/Common/FileUtil.cpp

@@ -5,7 +5,6 @@
 #include <algorithm>
 #include <cstddef>
 #include <cstdio>
-#include <cstdlib>
 #include <cstring>
 #include <fcntl.h>
 #include <limits.h>
@@ -31,6 +30,7 @@
 #include <dirent.h>
 #include <errno.h>
 #include <libgen.h>
+#include <stdlib.h>
 #include <unistd.h>
 #endif
 
@@ -712,19 +712,6 @@ std::string GetBundleDirectory()
 }
 #endif
 
-std::string GetAbsolutePath(const std::string& path)
-{
-#ifdef _WIN32
-  wchar_t absolute_path[_MAX_PATH];
-  wchar_t* result = _wfullpath(absolute_path, UTF8ToTStr(path).c_str(), _MAX_PATH);
-  return result ? TStrToUTF8(result) : "";
-#else
-  char absolute_path[MAX_PATH + 1];
-  char* result = realpath(path.c_str(), absolute_path);
-  return result ? result : "";
-#endif
-}
-
 std::string& GetExeDirectory()
 {
   static std::string DolphinPath;

Source/Core/Common/FileUtil.h

@@ -133,10 +133,6 @@ std::string CreateTempDir();
 // Get a filename that can hopefully be atomically renamed to the given path.
 std::string GetTempFilenameForAtomicWrite(const std::string& path);
 
-// Converts the given path into an absolute path.
-// An empty string is returned if an error occurs.
-std::string GetAbsolutePath(const std::string& path);
-
 // Gets a set user directory path
 // Don't call prior to setting the base user directory
 const std::string& GetUserPath(unsigned int dir_index);

Source/Core/Common/NandPaths.cpp

@@ -2,10 +2,12 @@
 // Licensed under GPLv2+
 // Refer to the license.txt file included.
 
+#include <algorithm>
 #include <cstdio>
 #include <fstream>
 #include <stdlib.h>
 #include <string>
+#include <unordered_set>
 #include <utility>
 
 #include "Common/CommonFuncs.h"
@@ -117,36 +119,61 @@ bool CheckTitleTIK(u64 _titleID, FromWhichRoot from)
   return false;
 }
 
-static void CreateReplacementFile(std::string& filename)
+std::string EscapeFileName(const std::string& filename)
 {
-  std::ofstream replace;
-  OpenFStream(replace, filename, std::ios_base::out);
-  replace << "\" __22__\n";
-  replace << "* __2a__\n";
-  // replace << "/ __2f__\n";
-  replace << ": __3a__\n";
-  replace << "< __3c__\n";
-  replace << "> __3e__\n";
-  replace << "? __3f__\n";
-  // replace <<"\\ __5c__\n";
-  replace << "| __7c__\n";
+  // Prevent paths from containing special names like ., .., ..., ...., and so on
+  if (std::all_of(filename.begin(), filename.end(), [](char c) { return c == '.'; }))
+    return ReplaceAll(filename, ".", "__2e__");
+
+  // Escape all double underscores since we will use double underscores for our escape sequences
+  std::string filename_with_escaped_double_underscores = ReplaceAll(filename, "__", "__5f____5f__");
+
+  // Escape all other characters that need to be escaped
+  static const std::unordered_set<char> chars_to_replace = {'\"', '*', '/',  ':', '<',
+                                                            '>',  '?', '\\', '|', '\x7f'};
+  std::string result;
+  result.reserve(filename_with_escaped_double_underscores.size());
+  for (char c : filename_with_escaped_double_underscores)
+  {
+    if ((c >= 0 && c <= 0x1F) || chars_to_replace.find(c) != chars_to_replace.end())
+      result.append(StringFromFormat("__%02x__", c));
+    else
+      result.push_back(c);
+  }
+
+  return result;
 }
 
-void ReadReplacements(replace_v& replacements)
+std::string EscapePath(const std::string& path)
 {
-  replacements.clear();
-  const std::string replace_fname = "/sys/replace";
-  std::string filename = File::GetUserPath(D_SESSION_WIIROOT_IDX) + replace_fname;
+  std::vector<std::string> split_strings;
+  SplitString(path, '/', split_strings);
 
-  if (!File::Exists(filename))
-    CreateReplacementFile(filename);
+  std::vector<std::string> escaped_split_strings;
+  escaped_split_strings.reserve(split_strings.size());
+  for (const std::string& split_string : split_strings)
+    escaped_split_strings.push_back(EscapeFileName(split_string));
 
-  std::ifstream f;
-  OpenFStream(f, filename, std::ios_base::in);
-  char letter;
-  std::string replacement;
+  return JoinStrings(escaped_split_strings, "/");
+}
 
-  while (f >> letter >> replacement && replacement.size())
-    replacements.emplace_back(letter, replacement);
+std::string UnescapeFileName(const std::string& filename)
+{
+  std::string result = filename;
+  size_t pos = 0;
+
+  // Replace escape sequences of the format "__3f__" with the ASCII
+  // character defined by the escape sequence's two hex digits.
+  while ((pos = result.find("__", pos)) != std::string::npos)
+  {
+    u32 character;
+    if (pos + 6 <= result.size() && result[pos + 4] == '_' && result[pos + 5] == '_')
+      if (AsciiToHex(result.substr(pos + 2, 2), character))
+        result.replace(pos, 6, {static_cast<char>(character)});
+
+    ++pos;
+  }
+
+  return result;
 }
 }

Source/Core/Common/NandPaths.h

@@ -15,9 +15,6 @@ static const std::string TITLEID_SYSMENU_STRING = "0000000100000002";
 
 namespace Common
 {
-typedef std::pair<char, std::string> replace_t;
-typedef std::vector<replace_t> replace_v;
-
 void InitializeWiiRoot(bool use_temporary);
 void ShutdownWiiRoot();
 
@@ -33,5 +30,11 @@ std::string GetTitleDataPath(u64 _titleID, FromWhichRoot from);
 std::string GetTitleContentPath(u64 _titleID, FromWhichRoot from);
 bool CheckTitleTMD(u64 _titleID, FromWhichRoot from);
 bool CheckTitleTIK(u64 _titleID, FromWhichRoot from);
-void ReadReplacements(replace_v& replacements);
+
+// Escapes characters that are invalid or have special meanings in the host file system
+std::string EscapeFileName(const std::string& filename);
+// Escapes characters that are invalid or have special meanings in the host file system
+std::string EscapePath(const std::string& path);
+// Reverses escaping done by EscapeFileName
+std::string UnescapeFileName(const std::string& filename);
 }

Source/Core/Common/StringUtil.cpp

@@ -10,7 +10,9 @@
 #include <cstring>
 #include <iomanip>
 #include <istream>
+#include <iterator>
 #include <limits.h>
+#include <sstream>
 #include <string>
 #include <vector>
 
@@ -328,6 +330,21 @@ void SplitString(const std::string& str, const char delim, std::vector<std::stri
   output.pop_back();
 }
 
+std::string JoinStrings(const std::vector<std::string>& strings, const std::string& delimiter)
+{
+  // Check if we can return early, just for speed
+  if (strings.empty())
+    return "";
+
+  std::stringstream res;
+  std::copy(strings.begin(), strings.end(),
+            std::ostream_iterator<std::string>(res, delimiter.c_str()));
+
+  // Drop the trailing delimiter.
+  std::string joined = res.str();
+  return joined.substr(0, joined.length() - delimiter.length());
+}
+
 std::string TabsToSpaces(int tab_size, const std::string& in)
 {
   const std::string spaces(tab_size, ' ');

Source/Core/Common/StringUtil.h

@@ -106,6 +106,7 @@ bool AsciiToHex(const std::string& _szValue, u32& result);
 std::string TabsToSpaces(int tab_size, const std::string& in);
 
 void SplitString(const std::string& str, char delim, std::vector<std::string>& output);
+std::string JoinStrings(const std::vector<std::string>& strings, const std::string& delimiter);
 
 // "C:/Windows/winhelp.exe" to "C:/Windows/", "winhelp", ".exe"
 bool SplitPath(const std::string& full_path, std::string* _pPath, std::string* _pFilename,