piwalker/melonDS
1
0
Fork 0
mirror of https://github.com/melonDS-emu/melonDS.git synced 2025-07-27 00:00:07 -06:00
Code Issues Packages Projects Releases Wiki Activity

prevent directory traversal from index paths

Browse Source
This commit is contained in:
Arisotura
2021-10-06 12:39:46 +02:00
parent 450e0aba27
commit 68afc2511a
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/FATStorage.cpp
View File

@ -185,6 +185,16 @@ void FATStorage::LoadIndex()
for (const auto& [key, val] : DirIndex) for (const auto& [key, val] : DirIndex)
{ {
std::string path = val.Path; std::string path = val.Path;
if ((path.find("/./") != std::string::npos) ||
(path.find("/../") != std::string::npos) ||
(path.substr(0,2) == "./") ||
(path.substr(0,3) == "../"))
{
removelist.push_back(key);
continue;
}
int sep = path.rfind('/'); int sep = path.rfind('/');
if (sep == std::string::npos) continue; if (sep == std::string::npos) continue;
@ -205,6 +215,16 @@ void FATStorage::LoadIndex()
for (const auto& [key, val] : FileIndex) for (const auto& [key, val] : FileIndex)
{ {
std::string path = val.Path; std::string path = val.Path;
if ((path.find("/./") != std::string::npos) ||
(path.find("/../") != std::string::npos) ||
(path.substr(0,2) == "./") ||
(path.substr(0,3) == "../"))
{
removelist.push_back(key);
continue;
}
int sep = path.rfind('/'); int sep = path.rfind('/');
if (sep == std::string::npos) continue; if (sep == std::string::npos) continue;