annotate arogue5/main.c @ 66:c56f672244f4

arogue5: close security holes. Prevent whoami (player name), file_name, and score_file from being changed if the systemwide save location is being used.
author elwin
date Sat, 11 Aug 2012 16:27:20 +0000
parents a98834ce7e04
children c49f7927b0fa
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
63
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
1 /*
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
2 * Rogue
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
3 *
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
4 * Advanced Rogue
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
5 * Copyright (C) 1984, 1985 Michael Morgan, Ken Dalka and AT&T
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
6 * All rights reserved.
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
7 *
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
8 * Based on "Rogue: Exploring the Dungeons of Doom"
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
9 * Copyright (C) 1980, 1981 Michael Toy, Ken Arnold and Glenn Wichman
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
10 * All rights reserved.
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
11 *
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
12 * See the file LICENSE.TXT for full copyright and licensing information.
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
13 */
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
14
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
15 #include "curses.h"
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
16 #include <fcntl.h>
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
17 #include <sys/stat.h>
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
18 #include <limits.h>
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
19 #include <signal.h>
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
20 #include <time.h>
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
21 #include "mach_dep.h"
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
22 #include "network.h"
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
23 #include "rogue.h"
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
24
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
25 #ifdef CHECKTIME
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
26 static int num_checks; /* times we've gone over in checkout() */
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
27 #endif
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
28
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
29 /*
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
30 * fruits that you get at startup
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
31 */
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
32 static char *funfruit[] = {
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
33 "candleberry", "caprifig", "dewberry", "elderberry",
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
34 "gooseberry", "guanabana", "hagberry", "ilama",
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
35 "imbu", "jaboticaba", "jujube", "litchi",
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
36 "mombin", "pitanga", "prickly pear", "rambutan",
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
37 "sapodilla", "soursop", "sweetsop", "whortleberry",
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
38 "jellybean", "apple", "strawberry", "blueberry",
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
39 "peach", "banana"
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
40 };
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
41 #define NFRUIT (sizeof(funfruit) / sizeof (char *))
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
42
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
43 main(argc, argv, envp)
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
44 char **argv;
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
45 char **envp;
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
46 {
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
47 register char *env;
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
48 int lowtime;
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
49 time_t now;
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
50 char *roguedir = md_getroguedir();
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
51
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
52 md_init();
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
53
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
54 /*
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
55 * get home and options from environment
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
56 */
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
57
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
58 strncpy(home,md_gethomedir(),LINELEN);
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
59
64
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
60 #ifdef SAVEDIR
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
61 if (argc >= 3 && !strcmp(argv[1], "-n")) {
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
62 use_savedir = TRUE;
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
63 strncpy(whoami, argv[2], LINELEN);
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
64 whoami[LINELEN - 1] = '\0';
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
65 if (snprintf(file_name, LINELEN, "%s%d-%.10s.ar5sav", SAVEDIR,
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
66 md_getuid(), whoami) >= LINELEN)
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
67 {
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
68 /* The name is too long */
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
69 use_savedir = FALSE;
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
70 }
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
71 }
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
72 #endif
63
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
73 /* Get default save file */
64
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
74 if (!use_savedir) {
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
75 strcpy(file_name, home);
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
76 strcat(file_name, "arogue58.sav");
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
77 }
63
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
78
64
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
79 #ifdef SCOREFILE
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
80 strncpy(score_file, SCOREFILE, LINELEN);
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
81 score_file[LINELEN - 1] = '\0';
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
82 #else
63
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
83 /* Get default score file */
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
84 strcpy(score_file, roguedir);
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
85
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
86 if (*score_file)
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
87 strcat(score_file,"/");
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
88
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
89 strcat(score_file, "arogue58.scr");
64
a98834ce7e04 arogue5: add the savedir feature.
elwin
parents: 63
diff changeset
90 #endif
63
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
91
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
92 if ((env = getenv("ROGUEOPTS")) != NULL)
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
93 parse_opts(env);
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
94
66
c56f672244f4 arogue5: close security holes.
elwin
parents: 64
diff changeset
95 if (!use_savedir && whoami[0] == '\0')
63
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
96 strucpy(whoami, md_getusername(), strlen(md_getusername()));
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
97
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
98 if (env == NULL || fruit[0] == '\0') {
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
99 md_srand((long)(getpid()+time(0)));
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
100 strcpy(fruit, funfruit[rnd(NFRUIT)]);
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
101 }
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff changeset
102
0ed67132cf10 Import Advanced Rogue 5.8 from the Roguelike Restoration Project (r1490)
elwin
parents:
diff