warden/early-roguelike
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

arogue5: close security holes.

Browse source 
Prevent whoami (player name), file_name, and score_file from being
changed if the systemwide save location is being used.
This commit is contained in:
John "Elwin" Edwards 2012-08-11 16:27:20 +00:00
parent 4c16144c6b
commit 5ce56875ec
3 changed files with 49 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

23
arogue5/main.c
View file

@ -92,7 +92,7 @@ char **envp;
if ((env = getenv("ROGUEOPTS")) != NULL)
parse_opts(env);
if (whoami[0] == '\0')
if (!use_savedir && whoami[0] == '\0')
strucpy(whoami, md_getusername(), strlen(md_getusername()));
if (env == NULL || fruit[0] == '\0') {
@ -194,16 +194,19 @@ char **envp;
byebye(-1);
}
if ((whoami == NULL) || (*whoami == '\0') || (strcmp(whoami,"dosuser")==0))
{
echo();
mvaddstr(23,2,"Rogue's Name? ");
wgetnstr(stdscr,whoami,LINELEN);
noecho();
}
if (!use_savedir) {
if ((whoami == NULL) || (*whoami == '\0') ||
(strcmp(whoami,"dosuser")==0))
{
echo();
mvaddstr(23,2,"Rogue's Name? ");
wgetnstr(stdscr,whoami,LINELEN);
noecho();
}
if ((whoami == NULL) || (*whoami == '\0'))
strcpy(whoami,"Rodney");
if ((whoami == NULL) || (*whoami == '\0'))
strcpy(whoami,"Rodney");
}
setup();
/*