authorKartik K. Agaram <vc@akkartik.com>2022-03-20 17:58:14 -0700
committerKartik K. Agaram <vc@akkartik.com>2022-03-20 17:58:14 -0700
commit9ec94aa982692ba2c06bc7d89994459615ccd740 (patch)
tree1c6eb502974599a5ada6b60533db6aa1425022b2
parentc7d3037e9db38a8391c2e3bc4c93eaaeaf7a6b46 (diff)
downloadteliva-9ec94aa982692ba2c06bc7d89994459615ccd740.tar.gz
disallow all relative paths (./ or ../)
Teliva's model doesn't include any way to change directory. We just have
relative paths and absolute paths. Relative paths should not be able to
reach into parent directories.

The current test is a bit hacky; it also disallows directories ending in
a period. Hopefully not an issue.
-rw-r--r--src/liolib.c6
-rw-r--r--src/loslib.c15
-rw-r--r--src/teliva.c4
-rw-r--r--src/teliva.h1
4 files changed, 25 insertions, 1 deletions
diff --git a/src/liolib.c b/src/liolib.c
index feeeb8f..7824a58 100644
--- a/src/liolib.c
+++ b/src/liolib.c
@@ -139,7 +139,11 @@ static int io_open (lua_State *L) {
   /* other filenames starting with teliva_ are never ok (reserved for the
    * framework, should not be accessed by apps directly */
   else if (starts_with(filename, "teliva_")) {
-    snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", filename);
+    snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; relative paths are never allowed", filename);
+    Previous_message = iolib_errbuf;
+  }
+  else if (contains(filename, "./")) {
+    snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; relative paths are never allowed", filename);
     Previous_message = iolib_errbuf;
   }
   else if (file_operation_permitted(filename, mode)) {
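Review bot: The `starts_with(filename, "teliva_")` branch now reports "relative paths are never allowed", which no longer matches the condition it guards. The change to that message looks unintended, since the new `contains(filename, "./")` branch right below carries the same text. Restoring the earlier wording there, `"app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'"`, keeps the message accurate about which rule refused the open. io_open starts and continues outside this hunk.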
diff --git a/src/loslib.c b/src/loslib.c
index 4715daa..530af6b 100644
--- a/src/loslib.c
+++ b/src/loslib.c
@@ -47,6 +47,11 @@ static int os_remove (lua_State *L) {
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, filename);
   }
+  else if (contains(filename, "./")) {
+    snprintf(oslib_errbuf, 1024, "app tried to remove file '%s'; relative paths are never allowed", filename);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, filename);
+  }
   else if (!file_operation_permitted(filename, "w")) {
     snprintf(oslib_errbuf, 1024, "app tried to remove file '%s'; give it write permissions (ctrl-p) if that is expected", filename);
     Previous_message = oslib_errbuf;
@@ -69,6 +74,11 @@ static int os_rename (lua_State *L) {
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, fromname);
   }
+  else if (contains(fromname, "./")) {
+    snprintf(oslib_errbuf, 1024, "app tried to rename file '%s'; relative paths are never allowed", fromname);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, fromname);
+  }
   else if (!file_operation_permitted(fromname, "r")) {
     snprintf(oslib_errbuf, 1024, "app tried to rename file '%s'; give it read permissions (ctrl-p) if that is expected", fromname);
     Previous_message = oslib_errbuf;
@@ -82,6 +92,11 @@ static int os_rename (lua_State *L) {
     Previous_message = oslib_errbuf;
     return os_pushresult(L, 0, toname);
   }
+  else if (contains(fromname, "./")) {
+    snprintf(oslib_errbuf, 1024, "app tried to rename to file '%s'; relative paths are never allowed", toname);
+    Previous_message = oslib_errbuf;
+    return os_pushresult(L, 0, toname);
+  }
   else if (!file_operation_permitted(toname, "w")) {
     snprintf(oslib_errbuf, 1024, "app tried to rename to file '%s'; give it write permissions (ctrl-p) if that is expected", toname);
     Previous_message = oslib_errbuf;
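Review bot: The second check added to os_rename tests `fromname` again, so the destination path is never screened for `./` or `../`. Since `fromname` already passed the same test and returned in the previous hunk, this branch appears unreachable. The condition should be `else if (contains(toname, "./")) {`, matching the `toname` used in the message and in the `os_pushresult` call. As written, a destination with a parent-directory component is left to `file_operation_permitted(toname, "w")` alone, and how that function treats such paths is not visible here. os_rename continues outside this hunk.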
diff --git a/src/teliva.c b/src/teliva.c
index b88a42b..4ad530e 100644
--- a/src/teliva.c
+++ b/src/teliva.c
@@ -23,6 +23,10 @@ int starts_with(const char* s, const char* prefix) {
   return strncmp(s, prefix, strlen(prefix)) == 0;
 }
 
+int contains(const char* s, const char* sub) {
+  return strstr(s, sub) != NULL;
+}
+
 /*** Standard UI elements */
 
 int menu_column = 0;
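Review bot: Using a plain substring test for `./` as the path policy is both too broad and too narrow. As the description says, it rejects directory names that end in a period, and it also does not match a path whose last component is `..` with no trailing slash (`..` itself, or `foo/..`). A component-wise check, rejecting any `/`-separated component equal to `.` or `..`, would match the stated intent exactly. The helper name below is only a suggestion; it would need a declaration in teliva.h, and the `contains(..., "./")` call sites in liolib.c and loslib.c would call it instead.

```c
/* true if any '/'-separated component of path is exactly "." or ".." */
int has_dot_component(const char* path) {
  const char* p = path;
  while (*p != '\0') {
    const char* end = strchr(p, '/');
    size_t len = end ? (size_t)(end - p) : strlen(p);
    if ((len == 1 && p[0] == '.') || (len == 2 && p[0] == '.' && p[1] == '.'))
      return 1;
    if (end == NULL) break;
    p = end + 1;
  }
  return 0;
}
```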
diff --git a/src/teliva.h b/src/teliva.h
index 6777240..7455cfc 100644
--- a/src/teliva.h
+++ b/src/teliva.h
@@ -189,5 +189,6 @@ extern void render_previous_error(void);
 
 /* Misc */
 extern int starts_with(const char* s, const char* prefix);
+extern int contains(const char* s, const char* sub);
 
 #endif