• R/O
  • SSH

Commit

Tags
No Tags

Frequently used words (click to add to your profile)

javaandroidc++linuxc#objective-c誰得cocoaqtpythonrubywindowsphpgameguibathyscaphec翻訳omegat計画中(planning stage)frameworktwitterdombtronvb.nettestarduinodirectxpreviewerゲームエンジン

This is a fork of Zandronum for TSPG.


Commit MetaInfo

Revisión0809f33e8ddfc0775ffc17159103d95716b87495 (tree)
Tiempo2021-01-22 09:10:24
AutorAdam Kaminski <kaminskiadam9@gmai...>
CommiterAdam Kaminski

Log Message

ZIP or 7Z files containing duplicate lumps won't be loaded and will instead throw a fatal error indicating the issue. This resolves authentication failures that happened when the malformed file was loaded onto a Linux server.

Cambiar Resumen

Diferencia incremental

diff -r d53b205a770f -r 0809f33e8ddf src/resourcefiles/file_7z.cpp
--- a/src/resourcefiles/file_7z.cpp Fri Sep 18 02:45:12 2020 +0100
+++ b/src/resourcefiles/file_7z.cpp Fri Jan 22 00:10:24 2021 +0000
@@ -263,6 +263,7 @@
263263
264264 Lumps = new F7ZLump[NumLumps];
265265
266+ FString oldName; // [AK] Store the name of the last lump we scanned.
266267 F7ZLump *lump_p = Lumps;
267268 TArray<UInt16> nameUTF16;
268269 TArray<char> nameASCII;
@@ -297,12 +298,22 @@
297298 FString name = &nameASCII[0];
298299 name.ToLower();
299300
301+ // [AK] Check for any duplicate lumps in the file. If we find any, then throw an error. We
302+ // shouldn't be loading any malformed 7z files, as this can lead to authentication issues.
303+ if ((oldName.IsNotEmpty()) && (oldName.CompareNoCase(name) == 0))
304+ {
305+ I_Error("Couldn't load file %s: duplicate lump '%s' detected.\n", Filename, name.GetChars());
306+ return false;
307+ }
308+
300309 lump_p->LumpNameSetup(name);
301310 lump_p->LumpSize = int(file->Size);
302311 lump_p->Owner = this;
303312 lump_p->Flags = LUMPF_ZIPFILE;
304313 lump_p->Position = i;
305314 lump_p->CheckEmbedded();
315+
316+ oldName = name; // [AK]
306317 lump_p++;
307318 }
308319 // Resize the lump record array to its actual size
diff -r d53b205a770f -r 0809f33e8ddf src/resourcefiles/file_zip.cpp
--- a/src/resourcefiles/file_zip.cpp Fri Sep 18 02:45:12 2020 +0100
+++ b/src/resourcefiles/file_zip.cpp Fri Jan 22 00:10:24 2021 +0000
@@ -205,6 +205,7 @@
205205 Reader->Seek(LittleLong(info.DirectoryOffset), SEEK_SET);
206206 Reader->Read(directory, dirsize);
207207
208+ FString oldName; // [AK] Store the name of the last lump we scanned.
208209 char *dirptr = (char*)directory;
209210 FZipLump *lump_p = Lumps;
210211 for (DWORD i = 0; i < NumLumps; i++)
@@ -231,6 +232,14 @@
231232 skipped++;
232233 continue;
233234 }
235+
236+ // [AK] Check for any duplicate lumps in the file. If we find any, then throw an error. We
237+ // shouldn't be loading any malformed zip files, as this can lead to authentication issues.
238+ if ((oldName.IsNotEmpty()) && (oldName.CompareNoCase(name) == 0))
239+ {
240+ I_Error("Couldn't load file %s: duplicate lump '%s' detected.\n", Filename, name.GetChars());
241+ return false;
242+ }
234243
235244 // Ignore unknown compression formats
236245 zip_fh->Method = LittleShort(zip_fh->Method);
@@ -274,6 +283,7 @@
274283 memset(lump_p->Name, 0, sizeof(lump_p->Name));
275284 }
276285
286+ oldName = name; // [AK]
277287 lump_p++;
278288 }
279289 // Resize the lump record array to its actual size