vilyaem/Xrasher
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

filesystem: disallow path traversal in FS_Delete and FS_Rename

Browse source
This commit is contained in:
Alibek Omarov 2025-02-23 03:13:46 +03:00
parent 2c5030ab45
commit 0c8da36a0b
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
filesystem/filesystem.c
View file

@ -3119,6 +3119,10 @@ qboolean FS_Rename( const char *oldname, const char *newname )
char oldname2[MAX_SYSPATH], newname2[MAX_SYSPATH], oldpath[MAX_SYSPATH], newpath[MAX_SYSPATH]; char oldname2[MAX_SYSPATH], newname2[MAX_SYSPATH], oldpath[MAX_SYSPATH], newpath[MAX_SYSPATH];
int ret; int ret;
// a1ba: disallow path traversal
if( FS_CheckNastyPath( oldname ) || FS_CheckNastyPath( newname ))
return false;
if( !fs_writepath ) if( !fs_writepath )
return false; return false;
@ -3167,6 +3171,10 @@ qboolean GAME_EXPORT FS_Delete( const char *path )
char path2[MAX_SYSPATH], real_path[MAX_SYSPATH]; char path2[MAX_SYSPATH], real_path[MAX_SYSPATH];
int ret; int ret;
// a1ba: disallow path traversal
if( FS_CheckNastyPath( path ))
return false;
if( !fs_writepath || !COM_CheckString( path )) if( !fs_writepath || !COM_CheckString( path ))
return false; return false;