diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/liolib.c | 6 | ||||
| -rw-r--r-- | src/loslib.c | 15 | ||||
| -rw-r--r-- | src/teliva.c | 4 | ||||
| -rw-r--r-- | src/teliva.h | 1 |
4 files changed, 25 insertions, 1 deletions
diff --git a/src/liolib.c b/src/liolib.c index feeeb8f..7824a58 100644 --- a/src/liolib.c +++ b/src/liolib.c @@ -139,7 +139,11 @@ static int io_open (lua_State *L) { /* other filenames starting with teliva_ are never ok (reserved for the * framework, should not be accessed by apps directly */ else if (starts_with(filename, "teliva_")) { - snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; that's never allowed for filenames starting with 'teliva_'", filename); + snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; relative paths are never allowed", filename); + Previous_message = iolib_errbuf; + } + else if (contains(filename, "./")) { + snprintf(iolib_errbuf, 1024, "app tried to open file '%s'; relative paths are never allowed", filename); Previous_message = iolib_errbuf; } else if (file_operation_permitted(filename, mode)) { diff --git a/src/loslib.c b/src/loslib.c index 4715daa..530af6b 100644 --- a/src/loslib.c +++ b/src/loslib.c @@ -47,6 +47,11 @@ static int os_remove (lua_State *L) { Previous_message = oslib_errbuf; return os_pushresult(L, 0, filename); } + else if (contains(filename, "./")) { + snprintf(oslib_errbuf, 1024, "app tried to remove file '%s'; relative paths are never allowed", filename); + Previous_message = oslib_errbuf; + return os_pushresult(L, 0, filename); + } else if (!file_operation_permitted(filename, "w")) { snprintf(oslib_errbuf, 1024, "app tried to remove file '%s'; give it write permissions (ctrl-p) if that is expected", filename); Previous_message = oslib_errbuf; @@ -69,6 +74,11 @@ static int os_rename (lua_State *L) { Previous_message = oslib_errbuf; return os_pushresult(L, 0, fromname); } + else if (contains(fromname, "./")) { + snprintf(oslib_errbuf, 1024, "app tried to rename file '%s'; relative paths are never allowed", fromname); + Previous_message = oslib_errbuf; + return os_pushresult(L, 0, fromname); + } else if (!file_operation_permitted(fromname, "r")) { snprintf(oslib_errbuf, 1024, "app tried to rename file '%s'; give it read permissions (ctrl-p) if that is expected", fromname); Previous_message = oslib_errbuf; @@ -82,6 +92,11 @@ static int os_rename (lua_State *L) { Previous_message = oslib_errbuf; return os_pushresult(L, 0, toname); } + else if (contains(fromname, "./")) { + snprintf(oslib_errbuf, 1024, "app tried to rename to file '%s'; relative paths are never allowed", toname); + Previous_message = oslib_errbuf; + return os_pushresult(L, 0, toname); + } else if (!file_operation_permitted(toname, "w")) { snprintf(oslib_errbuf, 1024, "app tried to rename to file '%s'; give it write permissions (ctrl-p) if that is expected", toname); Previous_message = oslib_errbuf; diff --git a/src/teliva.c b/src/teliva.c index b88a42b..4ad530e 100644 --- a/src/teliva.c +++ b/src/teliva.c @@ -23,6 +23,10 @@ int starts_with(const char* s, const char* prefix) { return strncmp(s, prefix, strlen(prefix)) == 0; } +int contains(const char* s, const char* sub) { + return strstr(s, sub) != NULL; +} + /*** Standard UI elements */ int menu_column = 0; diff --git a/src/teliva.h b/src/teliva.h index 6777240..7455cfc 100644 --- a/src/teliva.h +++ b/src/teliva.h @@ -189,5 +189,6 @@ extern void render_previous_error(void); /* Misc */ extern int starts_with(const char* s, const char* prefix); +extern int contains(const char* s, const char* sub); #endif |