comparison arogue5/save.c @ 66:c56f672244f4

arogue5: close security holes. Prevent whoami (player name), file_name, and score_file from being changed if the systemwide save location is being used.
author elwin
date Sat, 11 Aug 2012 16:27:20 +0000
parents a98834ce7e04
children c49f7927b0fa
65:7aff18a8d508 66:c56f672244f4
39 * get file name 39 * get file name
40 */ 40 */
41 mpos = 0; 41 mpos = 0;
42 if (file_name[0] != '\0') 42 if (file_name[0] != '\0')
43 { 43 {
44 msg("Save file (%s)? ", file_name); 44 if (use_savedir)
45 msg("Save game? ");
46 else
47 msg("Save file (%s)? ", file_name);
45 do 48 do
46 { 49 {
47 c = readchar(); 50 c = readchar();
48 if (c == ESCAPE) return(0); 51 if (c == ESCAPE) return(0);
49 } while (c != 'n' && c != 'N' && c != 'y' && c != 'Y'); 52 } while (c != 'n' && c != 'N' && c != 'y' && c != 'Y');
51 if (c == 'y' || c == 'Y') 54 if (c == 'y' || c == 'Y')
52 { 55 {
53 msg("File name: %s", file_name); 56 msg("File name: %s", file_name);
54 goto gotfile; 57 goto gotfile;
55 } 58 }
59 if (use_savedir) {
60 msg("");
61 return FALSE;
62 }
56 } 63 }
57 64
58 do 65 do
59 { 66 {
60 msg("File name: "); 67 msg("File name: ");
67 } 74 }
68 msg(""); 75 msg("");
69 strcpy(file_name, buf); 76 strcpy(file_name, buf);
70 gotfile: 77 gotfile:
71 if ((savef = fopen(file_name, "w")) == NULL) 78 if ((savef = fopen(file_name, "w")) == NULL)
79 {
72 msg(strerror(errno)); /* fake perror() */ 80 msg(strerror(errno)); /* fake perror() */
81 if (use_savedir)
82 return FALSE;
83 }
73 } while (savef == NULL); 84 } while (savef == NULL);
74 85
75 /* 86 /*
76 * write out encrpyted file (after a stat) 87 * write out encrpyted file (after a stat)
77 * The fwrite is to force allocation of the buffer before the write 88 * The fwrite is to force allocation of the buffer before the write
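Review bot: The `use_savedir` refusal added at new lines 59-62 sits inside the `if (file_name[0] != '\0')` branch, so when `file_name` is empty the `File name: ` prompt loop at new line 65 and the unbounded `strcpy(file_name, buf)` at new line 76 are still reached with `use_savedir` set. Unless code outside this view guarantees a non-empty `file_name` in savedir mode, add a guard ahead of that branch, for example `if (use_savedir && file_name[0] == '\0') return FALSE;`. Separately, `msg(strerror(errno))` at new line 80 passes a non-literal string as the format argument of a printf-style function; `msg("%s", strerror(errno));` is the safe form. The enclosing function begins and ends outside the visible lines, so the initialisation of `file_name` and the size of `buf` could not be checked here.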