v2.8.3: Improved path sanitization, fixed #365

MCJack123 · Aug 16, 2024 · f7a88b9 · f7a88b9
1 parent 87345c9
commit f7a88b9
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 23 deletions.
diff --git a/resources/CraftOS-PC.exe.manifest b/resources/CraftOS-PC.exe.manifest
@@ -3,7 +3,7 @@
   <assemblyIdentity
       type="win32"
       name="CraftOS-PC"
-      version="2.8.2.0"
+      version="2.8.3.0"
       processorArchitecture="*"
     />
   <description>Advanced ComputerCraft Emulator</description>

diff --git a/resources/Info.plist b/resources/Info.plist
@@ -21,13 +21,13 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2.8.2</string>
+	<string>2.8.3</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>LSApplicationCategoryType</key>
 	<string>Unknown</string>
 	<key>CFBundleVersion</key>
-	<string>2.8.2</string>
+	<string>2.8.3</string>
 	<key>NSHumanReadableCopyright</key>
 	<string>Copyright (C) 2019-2024 JackMacWindows.</string>
 	<key>NSHighResolutionCapable</key>

diff --git a/src/apis/fs.cpp b/src/apis/fs.cpp
@@ -67,8 +67,9 @@ inline bool isVFSPath(path_t path) {
     return false;
 }
 
-static std::vector<path_t> fixpath_multiple(Computer *comp, const std::string& path) {
+static std::vector<path_t> fixpath_multiple(Computer *comp, std::string path) {
     std::vector<path_t> retval;
+    path.erase(std::remove_if(path.begin(), path.end(), [](char c)->bool {return c == '"' || c == '*' || c == ':' || c == '<' || c == '>' || c == '?' || c == '|' || c < 32; }), path.end());
     std::vector<std::string> elems = split(path, "/\\");
     std::list<std::string> pathc;
     for (std::string s : elems) {
@@ -77,7 +78,6 @@ static std::vector<path_t> fixpath_multiple(Computer *comp, const std::string& p
             else if (pathc.empty()) pathc.push_back("..");
             else pathc.pop_back();
         } else if (!s.empty() && !std::all_of(s.begin(), s.end(), [](const char c)->bool{return c == '.';})) {
-            s.erase(std::remove_if(s.begin(), s.end(), [](char c)->bool{return c=='"'||c==':'||c=='<'||c=='>'||c=='?'||c=='|';}), s.end());
             pathc.push_back(s);
         }
     }

diff --git a/src/apis/http.cpp b/src/apis/http.cpp
@@ -835,11 +835,10 @@ static int websocket_send(lua_State *L) {
     std::string str = checkstring(L, 1);
     if (config.http_max_websocket_message > 0 && str.size() > (unsigned)config.http_max_websocket_message) luaL_error(L, "Message is too large");
     ws_handle * ws = *(ws_handle**)lua_touserdata(L, lua_upvalueindex(1));
-    if (ws == NULL) luaL_error(L, "attempt to use a closed file");
+    if (ws == NULL) return luaL_error(L, "attempt to use a closed file");
     std::lock_guard<std::mutex> lock(ws->lock);
     if (ws->ws == NULL) return luaL_error(L, "attempt to use a closed file");
-    if (ws->ws->sendFrame(str.c_str(), str.size(), (int)WebSocket::FRAME_FLAG_FIN | (int)(lua_toboolean(L, 2) ? WebSocket::FRAME_BINARY : WebSocket::FRAME_TEXT)) < 1) 
-        websocket_close(L);
+    ws->ws->sendFrame(str.c_str(), str.size(), (int)WebSocket::FRAME_FLAG_FIN | (int)(lua_toboolean(L, 2) ? WebSocket::FRAME_BINARY : WebSocket::FRAME_TEXT));
     return 0;
 }
 

diff --git a/src/platform/CraftOS-PC 2.rc b/src/platform/CraftOS-PC 2.rc
@@ -60,8 +60,8 @@ MANIFEST                RT_MANIFEST             "..\\..\\resources\\CraftOS-PC.e
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2,8,2,0
- PRODUCTVERSION 2,8,2,0
+ FILEVERSION 2,8,3,0
+ PRODUCTVERSION 2,8,3,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -77,12 +77,12 @@ BEGIN
         BLOCK "040904b0"
         BEGIN
             VALUE "FileDescription", "CraftOS-PC"
-            VALUE "FileVersion", "2.8.2.0"
+            VALUE "FileVersion", "2.8.3.0"
             VALUE "InternalName", "CraftOS-PC.exe"
             VALUE "LegalCopyright", "Copyright (C) 2019-2024 JackMacWindows."
             VALUE "OriginalFilename", "CraftOS-PC.exe"
             VALUE "ProductName", "CraftOS-PC"
-            VALUE "ProductVersion", "2.8.2.0"
+            VALUE "ProductVersion", "2.8.3.0"
         END
     END
     BLOCK "VarFileInfo"

diff --git a/src/util.cpp b/src/util.cpp
@@ -165,7 +165,8 @@ inline bool isVFSPath(path_t path) {
     return false;
 }
 
-path_t fixpath(Computer *comp, const std::string& path, bool exists, bool addExt, std::string * mountPath, bool * isRoot) {
+path_t fixpath(Computer *comp, std::string path, bool exists, bool addExt, std::string * mountPath, bool * isRoot) {
+    path.erase(std::remove_if(path.begin(), path.end(), [](char c)->bool {return c == '"' || c == '*' || c == ':' || c == '<' || c == '>' || c == '?' || c == '|' || c < 32; }), path.end());
     std::vector<std::string> elems = split(path, "/\\");
     std::list<std::string> pathc;
     for (std::string s : elems) {
@@ -175,7 +176,6 @@ path_t fixpath(Computer *comp, const std::string& path, bool exists, bool addExt
             else pathc.pop_back();
         } else if (!s.empty() && s.find_first_not_of(' ') != std::string::npos && !std::all_of(s.begin(), s.end(), [](const char c)->bool{return c == '.';})) {
             s = s.substr(s.find_first_not_of(' '), s.find_last_not_of(' ') - s.find_first_not_of(' ') + 1);
-            s.erase(std::remove_if(s.begin(), s.end(), [](char c)->bool{return c=='"'||c==':'||c=='<'||c=='>'||c=='?'||c=='|';}), s.end());
             pathc.push_back(s);
         }
     }
@@ -274,14 +274,14 @@ path_t fixpath(Computer *comp, const std::string& path, bool exists, bool addExt
     return ss;
 }
 
-bool fixpath_ro(Computer *comp, const std::string& path) {
+bool fixpath_ro(Computer *comp, std::string path) {
+    path.erase(std::remove_if(path.begin(), path.end(), [](char c)->bool {return c == '"' || c == '*' || c == ':' || c == '<' || c == '>' || c == '?' || c == '|' || c < 32; }), path.end());
     std::vector<std::string> elems = split(path, "/\\");
     std::list<std::string> pathc;
     for (std::string s : elems) {
         if (s == "..") { if (pathc.empty()) return false; else pathc.pop_back(); }
         else if (!s.empty() && !std::all_of(s.begin(), s.end(), [](const char c)->bool{return c == '.';})) {
             s = s.substr(s.find_first_not_of(' '), s.find_last_not_of(' ') - s.find_first_not_of(' ') + 1);
-            s.erase(std::remove_if(s.begin(), s.end(), [](char c)->bool{return c=='"'||c==':'||c=='<'||c=='>'||c=='?'||c=='|';}), s.end());
             pathc.push_back(s);
         }
     }
@@ -299,14 +299,14 @@ bool fixpath_ro(Computer *comp, const std::string& path) {
     return max_path.second;
 }
 
-std::set<std::string> getMounts(Computer * computer, const std::string& comp_path) {
+std::set<std::string> getMounts(Computer * computer, std::string comp_path) {
+    comp_path.erase(std::remove_if(comp_path.begin(), comp_path.end(), [](char c)->bool {return c == '"' || c == '*' || c == ':' || c == '<' || c == '>' || c == '?' || c == '|' || c < 32; }), comp_path.end());
     std::vector<std::string> elems = split(comp_path, "/\\");
     std::list<std::string> pathc;
     std::set<std::string> retval;
     for (std::string s : elems) {
         if (s == "..") { if (pathc.empty()) return retval; else pathc.pop_back(); }
         else if (!s.empty() && !std::all_of(s.begin(), s.end(), [](const char c)->bool{return c == '.';})) {
-            s.erase(std::remove_if(s.begin(), s.end(), [](char c)->bool{return c=='"'||c==':'||c=='<'||c=='>'||c=='?'||c=='|';}), s.end());
             pathc.push_back(s);
         }
     }

diff --git a/src/util.hpp b/src/util.hpp
@@ -26,8 +26,8 @@ extern "C" {
 #include <Computer.hpp>
 #include <Terminal.hpp>
 
-#define CRAFTOSPC_VERSION    "v2.8.2"
-#define CRAFTOSPC_CC_VERSION "1.110.2"
+#define CRAFTOSPC_VERSION    "v2.8.3"
+#define CRAFTOSPC_CC_VERSION "1.112.0"
 #define CRAFTOSPC_INDEV      false
 
 using path_t = std::filesystem::path;
@@ -203,10 +203,10 @@ extern std::vector<std::wstring> split(const std::wstring& strToSplit, const wch
 extern std::vector<path_t> split(const path_t& strToSplit, const path_t::value_type * delimeter);
 extern void load_library(Computer *comp, lua_State *L, const library_t& lib);
 extern void HTTPDownload(const std::string& url, const std::function<void(std::istream*, Poco::Exception*, Poco::Net::HTTPResponse*)>& callback);
-extern path_t fixpath(Computer *comp, const std::string& path, bool exists, bool addExt = true, std::string * mountPath = NULL, bool * isRoot = NULL);
-extern bool fixpath_ro(Computer *comp, const std::string& path);
+extern path_t fixpath(Computer *comp, std::string path, bool exists, bool addExt = true, std::string * mountPath = NULL, bool * isRoot = NULL);
+extern bool fixpath_ro(Computer *comp, std::string path);
 extern path_t fixpath_mkdir(Computer * comp, const std::string& path, bool md = true, std::string * mountPath = NULL);
-extern std::set<std::string> getMounts(Computer * computer, const std::string& comp_path);
+extern std::set<std::string> getMounts(Computer * computer, std::string comp_path);
 extern void peripheral_update(Computer *comp);
 extern struct computer_configuration getComputerConfig(int id);
 extern void setComputerConfig(int id, const computer_configuration& cfg);