arogue5: close security holes.

Prevent whoami (player name), file_name, and score_file from being changed if the systemwide save location is being used.
2012-08-11 16:27:20 +00:00 · 2012-08-11 16:27:20 +00:00 · 5ce56875ec
commit 5ce56875ec
parent 4c16144c6b
3 changed files with 49 additions and 14 deletions
--- a/arogue5/main.c
+++ b/arogue5/main.c
@ -92,7 +92,7 @@ char **envp;
    if ((env = getenv("ROGUEOPTS")) != NULL)
 	parse_opts(env);

-    if (whoami[0] == '\0')
+    if (!use_savedir && whoami[0] == '\0')
        strucpy(whoami, md_getusername(), strlen(md_getusername()));

    if (env == NULL || fruit[0] == '\0') {
@ -194,7 +194,9 @@ char **envp;
 	byebye(-1);
    }

-    if ((whoami == NULL) || (*whoami == '\0') || (strcmp(whoami,"dosuser")==0))
+    if (!use_savedir) {
+        if ((whoami == NULL) || (*whoami == '\0') || 
+            (strcmp(whoami,"dosuser")==0))
        {
            echo();
            mvaddstr(23,2,"Rogue's Name? ");
@ -204,6 +206,7 @@ char **envp;

        if ((whoami == NULL) || (*whoami == '\0'))
            strcpy(whoami,"Rodney");
+    }

    setup();
    /*
--- a/arogue5/options.c
+++ b/arogue5/options.c
@ -38,6 +38,7 @@ int	put_bool(),
 	get_bool(),
 	put_str(),
 	get_str(),
+	get_restr(),
 	put_abil(),
 	get_abil(),
 	get_quest(),
@ -57,19 +58,34 @@ OPTION	optlist[] = {
    {"pickup", "Pick things up automatically: ",
 		(int *) &auto_pickup,	put_bool,	get_bool	},
    {"name",	 "Name: ",
-		(int *) whoami,		put_str,	get_str		},
+		(int *) whoami,		put_str,	get_restr	},
    {"fruit",	 "Fruit: ",
 		(int *) fruit,		put_str,	get_str		},
    {"file",	 "Save file: ",
-		(int *) file_name,	put_str,	get_str		},
+		(int *) file_name,	put_str,	get_restr	},
    {"score",	 "Score file: ",
-		(int *) score_file,	put_str,	get_str		},
+		(int *) score_file,	put_str,	get_restr	},
    {"class",	"Character class: ",
 		(int *)&char_type,	put_abil,	get_abil	},
    {"quest",	"Quest item: ",
 		(int *) &quest_item,	put_quest,	get_quest	}
 };

+/* For fields that would be restricted if use_savedir is set. */
+int get_restr(char *optstr, WINDOW *win)
+{
+    int oy, ox;
+
+    if (use_savedir)
+    {
+        getyx(win, oy, ox);
+        put_str(optstr, win);
+        return get_ro(win, oy, ox);
+    }
+    else
+        return get_str(optstr, win);
+}
+
 /*
 * The ability field is read-only
 */
@ -343,6 +359,11 @@ register char *str;
 	 * Look it up and deal with it
 	 */
 	for (op = optlist; op <= &optlist[NUM_OPTS-1]; op++)
+            /* None of these can be changed if using system savefiles. */
+            if (use_savedir && (!strcmp(op->o_name, "name") ||
+                                !strcmp(op->o_name, "file") ||
+                                !strcmp(op->o_name, "score") ))
+                continue;
 	    if (EQSTR(str, op->o_name, len))
 	    {
 		if (op->o_putfunc == put_bool)	/* if option is a boolean */
--- a/arogue5/save.c
+++ b/arogue5/save.c
@ -41,6 +41,9 @@ save_game()
    mpos = 0;
    if (file_name[0] != '\0')
    {
+        if (use_savedir)
+	    msg("Save game? ");
+        else
 	    msg("Save file (%s)? ", file_name);
 	do
 	{
@ -53,6 +56,10 @@ save_game()
 	    msg("File name: %s", file_name);
 	    goto gotfile;
 	}
+        if (use_savedir) {
+            msg("");
+	    return FALSE;
+        }
    }

    do
@ -69,7 +76,11 @@ save_game()
 	strcpy(file_name, buf);
 gotfile:
 	if ((savef = fopen(file_name, "w")) == NULL)
+        {
 	    msg(strerror(errno));	/* fake perror() */
+            if (use_savedir)
+	        return FALSE;
+        }
    } while (savef == NULL);

    /*