X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FMain%2Futil.cxx;h=b5ea49dc6c6c8253852425b81d456b63f5b79e24;hb=b5835c38b4fb86262a1ebb24da34d7531c204c6d;hp=2cd15b5b008a7fa9e10d339a7c17f7eafb4acecf;hpb=e86cecf4704a4bdcf43114245d8ac94adb1f1eef;p=flightgear.git diff --git a/src/Main/util.cxx b/src/Main/util.cxx index 2cd15b5b0..b5ea49dc6 100644 --- a/src/Main/util.cxx +++ b/src/Main/util.cxx @@ -17,10 +17,10 @@ // // $Id$ -#ifdef HAVE_CONFIG_H -# include -#endif - +#ifdef HAVE_CONFIG_H +# include +#endif + #include #include @@ -28,12 +28,12 @@ #include #include -using std::vector; #include #include #include +#include #include "fg_io.hxx" #include "fg_props.hxx" #include "globals.hxx" @@ -43,6 +43,8 @@ using std::vector; #include "osgDB/Registry" #endif +using std::vector; + // Originally written by Alex Perry. double fgGetLowPass (double current, double target, double timeratio) 
@@ -70,79 +72,134 @@ fgGetLowPass (double current, double target, double timeratio) return current; } +static string_list read_allowed_paths; +static string_list write_allowed_paths; -string -fgUnescape (const char *s) +// Allowed paths here are absolute, and may contain _one_ *, +// which matches any string +// FG_SCENERY is deliberately not allowed, as it would make +// /sim/terrasync/scenery-dir a security hole +void fgInitAllowedPaths() { - string r; - while (*s) { - if (*s != '\\') { - r += *s++; - continue; - } - if (!*++s) - break; - if (*s == '\\') { - r += '\\'; - } else if (*s == 'n') { - r += '\n'; - } else if (*s == 'r') { - r += '\r'; - } else if (*s == 't') { - r += '\t'; - } else if (*s == 'v') { - r += '\v'; - } else if (*s == 'f') { - r += '\f'; - } else if (*s == 'a') { - r += '\a'; - } else if (*s == 'b') { - r += '\b'; - } else if (*s == 'x') { - if (!*++s) - break; - int v = 0; - for (int i = 0; i < 2 && isxdigit(*s); i++, s++) - v = v * 16 + (isdigit(*s) ? *s - '0' : 10 + tolower(*s) - 'a'); - r += v; - continue; - - } else if (*s >= '0' && *s <= '7') { - int v = *s++ - '0'; - for (int i = 0; i < 3 && *s >= '0' && *s <= '7'; i++, s++) - v = v * 8 + *s - '0'; - r += v; - continue; + read_allowed_paths.clear(); + write_allowed_paths.clear(); + read_allowed_paths.push_back(globals->get_fg_root() + "/*"); + read_allowed_paths.push_back(globals->get_fg_home() + "/*"); + string_list const aircraft_paths = globals->get_aircraft_paths(); + for( string_list::const_iterator it = aircraft_paths.begin(); + it != aircraft_paths.end(); + ++it ) + { + read_allowed_paths.push_back(*it + "/*"); + } - } else { - r += *s; + for( string_list::const_iterator it = read_allowed_paths.begin(); + it != read_allowed_paths.end(); + ++it ) + { // if we get the initialization order wrong, better to have an + // obvious error than a can-read-everything security hole... 
+ if (!(it->compare("/*"))){ + flightgear::fatalMessageBox("Nasal initialization error", + "Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT", + "or fgInitAllowedPaths() called too early"); + exit(-1); } - s++; } - return r; + write_allowed_paths.push_back("/tmp/*.xml"); + write_allowed_paths.push_back(globals->get_fg_home() + "/*.sav"); + write_allowed_paths.push_back(globals->get_fg_home() + "/*.log"); + write_allowed_paths.push_back(globals->get_fg_home() + "/cache/*"); + write_allowed_paths.push_back(globals->get_fg_home() + "/Export/*"); + write_allowed_paths.push_back(globals->get_fg_home() + "/state/*.xml"); + write_allowed_paths.push_back(globals->get_fg_home() + "/aircraft-data/*.xml"); + write_allowed_paths.push_back(globals->get_fg_home() + "/Wildfire/*.xml"); + write_allowed_paths.push_back(globals->get_fg_home() + "/runtime-jetways/*.xml"); + write_allowed_paths.push_back(globals->get_fg_home() + "/Input/Joysticks/*.xml"); + + // Check that it works + if(!fgValidatePath(globals->get_fg_home() + "/../no.log",true).empty() || + !fgValidatePath(globals->get_fg_home() + "/no.lot",true).empty() || + !fgValidatePath(globals->get_fg_home() + "/nolog",true).empty() || + !fgValidatePath(globals->get_fg_home() + "no.log",true).empty() || + !fgValidatePath("..\\" + globals->get_fg_home() + "/no.log",false).empty() || + !fgValidatePath(std::string("/tmp/no.xml"),false).empty() || + fgValidatePath(globals->get_fg_home() + "/./ff/../Export\\yes..gg",true).empty() || + fgValidatePath(globals->get_fg_home() + "/aircraft-data/yes..xml",true).empty() || + fgValidatePath(globals->get_fg_root() + "/./\\yes.bmp",false).empty()) { + flightgear::fatalMessageBox("Nasal initialization error", + "fgInitAllowedPaths() does not work", + ""); + exit(-1); + } } +// Normalize a path +// Unlike SGPath::realpath, does not require that the file already exists, +// but does require that it be below the starting point +static std::string fgNormalizePath (const std::string& path) +{ + 
string_list path_parts; + char c; + std::string normed_path = "", this_part = ""; + + for (int pos = 0; ; pos++) { + c = path[pos]; + if (c == '\\') { c = '/'; } + if ((c == '/') || (c == 0)) { + if ((this_part == "/..") || (this_part == "..")) { + if (path_parts.empty()) { return ""; } + path_parts.pop_back(); + } else if ((this_part != "/.") && (this_part != "/")) { + path_parts.push_back(this_part); + } + this_part = ""; + } + if (c == 0) { break; } + this_part = this_part + c; + } + for( string_list::const_iterator it = path_parts.begin(); + it != path_parts.end(); + ++it ) + { + normed_path.append(*it); + } + return normed_path; + } -// Write out path to validation node and read it back in. A Nasal -// listener is supposed to replace the path with a validated version -// or an empty string otherwise. -const char *fgValidatePath (const char *str, bool write) + +// Check whether Nasal is allowed to access a path +std::string fgValidatePath (const std::string& path, bool write) { - static SGPropertyNode_ptr r, w; - if (!r) { - r = fgGetNode("/sim/paths/validate/read", true); - r->setAttribute(SGPropertyNode::READ, true); - r->setAttribute(SGPropertyNode::WRITE, true); - - w = fgGetNode("/sim/paths/validate/write", true); - w->setAttribute(SGPropertyNode::READ, true); - w->setAttribute(SGPropertyNode::WRITE, true); + const string_list& allowed_paths(write ? write_allowed_paths : read_allowed_paths); + int star_pos; + + // Normalize the path (prevents ../../.. 
trickery) + std::string normed_path = fgNormalizePath(path); + + // Check against each allowed pattern + for( string_list::const_iterator it = allowed_paths.begin(); + it != allowed_paths.end(); + ++it ) + { + star_pos = it->find('*'); + if (star_pos == std::string::npos) { + if (!(it->compare(normed_path))) { + return normed_path; + } + } else { + if ((it->size()-1 <= normed_path.size()) /* long enough to be a potential match */ + && !(it->substr(0,star_pos) + .compare(normed_path.substr(0,star_pos))) /* before-star parts match */ + && !(it->substr(star_pos+1,it->size()-star_pos-1) + .compare(normed_path.substr(star_pos+1+normed_path.size()-it->size(), + it->size()-star_pos-1))) /* after-star parts match */) { + return normed_path; + } + } } - SGPropertyNode *prop = write ? w : r; - prop->setStringValue(str); - const char *result = prop->getStringValue(); - return result[0] ? result : 0; + // no match found + return ""; } - +std::string fgValidatePath(const SGPath& path, bool write) { return fgValidatePath(path.str(),write); } // end of util.cxx
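Review bot: fgNormalizePath() collapses `.` and `..` purely on the string, so fgValidatePath() approves a name without knowing which file it resolves to; a symbolic link under an allowed directory passes the check even if its target lies outside every allowed pattern. This matters most for the `/tmp/*.xml` write entry in fgInitAllowedPaths(), since that directory is typically shared between users, and the built-in self-test only exercises `..` and backslash forms. I would either resolve the deepest existing parent directory before matching (the comment already mentions SGPath::realpath), or at least state the limit above the function, e.g. `// Purely lexical: symlinks are NOT resolved; the result names a path, not the file it finally refers to`. Separately, `int star_pos` is compared with `std::string::npos`; declaring it as `std::string::size_type star_pos = it->find('*');` avoids the signed/unsigned conversion. Callers are outside this hunk, so it should also be checked that they open the returned normalized string rather than the original argument.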