comparison arogue5/options.c @ 66:c56f672244f4
arogue5: close security holes.
Prevent whoami (player name), file_name, and score_file from being
changed if the systemwide save location is being used.
| author | elwin |
|---|---|
| date | Sat, 11 Aug 2012 16:27:20 +0000 |
| parents | 0ed67132cf10 |
| children | c49f7927b0fa |
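--- a/arogue5/options.c
+++ b/arogue5/options.c
@@ -36,10 +36,11 @@
 
 int put_bool(),
 get_bool(),
 put_str(),
 get_str(),
+get_restr(),
 put_abil(),
 get_abil(),
 get_quest(),
 put_quest();
 
@@ -55,23 +56,38 @@
 {"askme", "Ask me about unidentified things: ",
 (int *) &askme, put_bool, get_bool },
 {"pickup", "Pick things up automatically: ",
 (int *) &auto_pickup, put_bool, get_bool },
 {"name", "Name: ",
-(int *) whoami, put_str, get_str },
+(int *) whoami, put_str, get_restr },
 {"fruit", "Fruit: ",
 (int *) fruit, put_str, get_str },
 {"file", "Save file: ",
-(int *) file_name, put_str, get_str },
+(int *) file_name, put_str, get_restr },
 {"score", "Score file: ",
-(int *) score_file, put_str, get_str },
+(int *) score_file, put_str, get_restr },
 {"class", "Character class: ",
 (int *)&char_type, put_abil, get_abil },
 {"quest", "Quest item: ",
 (int *) &quest_item, put_quest, get_quest }
 };
 
+/* For fields that would be restricted if use_savedir is set. */
+int get_restr(char *optstr, WINDOW *win)
+{
+int oy, ox;
+
+if (use_savedir)
+{
+getyx(win, oy, ox);
+put_str(optstr, win);
+return get_ro(win, oy, ox);
+}
+else
+return get_str(optstr, win);
+}
+
 /*
 * The ability field is read-only
 */
 get_abil(abil, win)
 int *abil;
@@ -341,10 +357,15 @@
 len = (int)(sp - str);
 /*
 * Look it up and deal with it
 */
 for (op = optlist; op <= &optlist[NUM_OPTS-1]; op++)
+/* None of these can be changed if using system savefiles. */
+if (use_savedir && (!strcmp(op->o_name, "name") ||
+!strcmp(op->o_name, "file") ||
+!strcmp(op->o_name, "score") ))
+continue;
 if (EQSTR(str, op->o_name, len))
 {
 if (op->o_putfunc == put_bool) /* if option is a boolean */
 *(bool *)op->o_opt = TRUE;
 else /* string option */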
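Review bot: In the third hunk the new `if (use_savedir && ...) continue;` sits directly under the unbraced `for (op = optlist; ...)`, so as shown it becomes the whole loop body and the `if (EQSTR(str, op->o_name, len))` that follows runs once, after the loop, with `op` already one element past the end of `optlist`. That would stop option matching altogether and read `op->o_name` out of bounds. The loop needs braces: `for (op = optlist; op <= &optlist[NUM_OPTS-1]; op++) {`, with the closing `}` after the existing if/else chain, which ends outside the hunk. The hard-coded "name"/"file"/"score" list also duplicates the `get_restr` entries added to the option table in the second hunk. Comparing the entry's get-function against `get_restr` (assuming the struct exposes it the way it exposes `o_putfunc`) would keep the two from drifting apart when another restricted option is added.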
