piwalker/melonDS
1
0
Fork 0
mirror of https://github.com/melonDS-emu/melonDS.git synced 2025-07-25 07:10:00 -06:00
Code Issues Packages Projects Releases Wiki Activity

prevent directory traversal from index paths

Browse Source
This commit is contained in:
Arisotura
2021-10-06 12:39:46 +02:00
parent 450e0aba27
commit 68afc2511a
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/FATStorage.cpp
View File

@ -185,6 +185,16 @@ void FATStorage::LoadIndex()
for (const auto& [key, val] : DirIndex)
{
std::string path = val.Path;
if ((path.find("/./") != std::string::npos) ||
(path.find("/../") != std::string::npos) ||
(path.substr(0,2) == "./") ||
(path.substr(0,3) == "../"))
{
removelist.push_back(key);
continue;
}
int sep = path.rfind('/');
if (sep == std::string::npos) continue;
@ -205,6 +215,16 @@ void FATStorage::LoadIndex()
for (const auto& [key, val] : FileIndex)
{
std::string path = val.Path;
if ((path.find("/./") != std::string::npos) ||
(path.find("/../") != std::string::npos) ||
(path.substr(0,2) == "./") ||
(path.substr(0,3) == "../"))
{
removelist.push_back(key);
continue;
}
int sep = path.rfind('/');
if (sep == std::string::npos) continue;