Fix a couple of crashy issues that were possible with the updates menu.

git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@5869 fc73d0e0-1445-4013-8a0c-d673dee63da5
2021-05-27 11:33:55 +00:00 · 2021-05-27 11:33:55 +00:00 · 2657dce9c8
parent fb54cc140b
commit 2657dce9c8
2 changed files with 27 additions and 4 deletions
--- a/engine/client/m_download.c
+++ b/engine/client/m_download.c
@ -642,7 +642,7 @@ static qboolean PM_MergePackage(package_t *oldp, package_t *newp)
 		if (newp->previewimage){Z_Free(oldp->previewimage); oldp->previewimage = Z_StrDup(newp->previewimage);}

 		if (newp->signature){Z_Free(oldp->signature); oldp->signature = Z_StrDup(newp->signature);}
-		if (newp->filesha1){Z_Free(oldp->filesha1); oldp->previewimage = Z_StrDup(newp->filesha1);}
+		if (newp->filesha1){Z_Free(oldp->filesha1); oldp->filesha1 = Z_StrDup(newp->filesha1);}
 		if (newp->filesha512){Z_Free(oldp->filesha512); oldp->filesha512 = Z_StrDup(newp->filesha512);}
 		if (newp->filesize){oldp->filesize = newp->filesize;}

@ -5120,7 +5120,7 @@ static void MD_Download_UpdateStatus(struct emenu_s *m)
 			if (op->common.iszone)
 				Z_Free(op);
 		}
-		m->cursoritem = m->selecteditem = NULL;
+		m->cursoritem = m->selecteditem = m->mouseitem = NULL;
 		info->downloadablessequence = downloadablessequence;

 		info->populated = false;
--- a/engine/common/fs.c
+++ b/engine/common/fs.c
@ -569,6 +569,7 @@ mirror:

 qboolean FS_GamedirIsOkay(const char *path)
 {
+	char tmp[MAX_QPATH];
 	if (!*path || strchr(path, '\n') || strchr(path, '\r') || !strcmp(path, ".") || !strcmp(path, "..") || strchr(path, ':') || strchr(path, '/') || strchr(path, '\\') || strchr(path, '$'))
 	{
 		Con_Printf("Illegal path specified: %s\n", path);
@ -585,7 +586,18 @@ qboolean FS_GamedirIsOkay(const char *path)
 	}

 	//some gamedirs should never be used for actual games/mods. Reject them.
-	if (!Q_strncasecmp(path, "downloads", 9) || !Q_strncasecmp(path, "docs", 4) || !Q_strncasecmp(path, "help", 4))
+	if (!Q_strncasecmp(path, "downloads", 9) ||	//QI stuff uses this for arbitrary downloads. it doesn't make sense as a gamedir.
+		!Q_strncasecmp(path, "docs", 4) ||		//don't pollute this
+		!Q_strncasecmp(path, "help", 4) ||		//don't pollute this
+		!Q_strncasecmp(path, "bin", 3) ||		//if scripts try executing stuff here then we want to make extra sure that we don't allow writing anything within it.
+		!Q_strncasecmp(path, "lib", 3))			//same deal
+	{
+		Con_Printf ("Gamedir should not be \"%s\"\n", path);
+		return false;
+	}
+
+	//this checks for system-specific entries.
+	if (!FS_GetCleanPath(path, true, tmp, sizeof(tmp)))
 	{
 		Con_Printf ("Gamedir should not be \"%s\"\n", path);
 		return false;
@ -1878,7 +1890,7 @@ static const char *FS_GetCleanPath(const char *pattern, qboolean silent, char *o

 	s = pattern;
 	seg = o = outbuf;
-	if (!pattern)
+	if (!pattern || !*pattern)
 	{
 		Con_Printf("Error: Empty filename\n");
 		return NULL;
@ -2433,6 +2445,17 @@ static int QDECL FS_RemoveTreeCallback(const char *fname, qofs_t fsize, time_t m
 qboolean FS_RemoveTree(searchpathfuncs_t *pathhandle, const char *fname)
 {	//this requires that the searchpath a) supports remove. b) supports listing directories...
 	//path is expected to have a trailing /
+
+	/*char cleaned[MAX_QPATH];
+	fname = FS_GetCleanPath(fname, false, cleaned, sizeof(cleaned));
+	if (!fname)
+		return false;*/
+
+	if (fs_readonly)
+		return false;
+
+	//FIXME: don't cross filesystems.
+	//FIXME: remove dir symlinks instead of the target's contents.
 	if (FS_RemoveTreeCallback(fname, 0, 0, NULL, pathhandle))
 		return true;
 	return false;