Host_Motd_f: Fixed viewing motd when motdfile is not specified

dreamstalker · Sep 20, 2023 · de3679f · de3679f
1 parent 2ba27d4
commit de3679f
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/rehlds/engine/common.cpp b/rehlds/engine/common.cpp
@@ -1978,6 +1978,34 @@ NOXREF int COM_ExpandFilename(char *filename)
 	return *filename != 0;
 }
 
+// small helper function shared by lots of modules
+qboolean COM_IsAbsolutePath(const char *pStr)
+{
+	if (strchr(pStr, ':') || pStr[0] == '/' || pStr[0] == '\\')
+		return FALSE;
+
+	return TRUE;
+}
+
+qboolean COM_IsValidPath(const char *pszFilename)
+{
+	if (!pszFilename)
+		return FALSE;
+
+	if (Q_strlen(pszFilename) <= 0    ||
+		Q_strstr(pszFilename, "\\\\") ||	// to protect network paths
+		Q_strstr(pszFilename, ":")    ||	// to protect absolute paths
+		Q_strstr(pszFilename, "..")   ||	// to protect relative paths
+		Q_strstr(pszFilename, "~")    ||
+		Q_strstr(pszFilename, "\n")   ||	// CFileSystem_Stdio::FS_fopen doesn't allow this
+		Q_strstr(pszFilename, "\r"))		// CFileSystem_Stdio::FS_fopen doesn't allow this
+	{
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
 int EXT_FUNC COM_FileSize(const char *filename)
 {
 	FileHandle_t fp;

diff --git a/rehlds/engine/common.h b/rehlds/engine/common.h
@@ -187,6 +187,8 @@ void COM_CreatePath(char *path);
 NOXREF void COM_CopyFile(char *netpath, char *cachepath);
 NOXREF int COM_ExpandFilename(char *filename);
 int COM_FileSize(const char *filename);
+qboolean COM_IsAbsolutePath(const char *pStr);
+qboolean COM_IsValidPath(const char *pszFilename);
 unsigned char *COM_LoadFile(const char *path, int usehunk, int *pLength);
 void COM_FreeFile(void *buffer);
 void COM_CopyFileChunk(FileHandle_t dst, FileHandle_t src, int nSize);

diff --git a/rehlds/engine/host_cmd.cpp b/rehlds/engine/host_cmd.cpp
@@ -205,11 +205,19 @@ void Host_Motd_f(void)
 	char *next;
 
 	pFileList = motdfile.string;
-	if (*pFileList == '/' || Q_strstr(pFileList, ":") || Q_strstr(pFileList, "..") || Q_strstr(pFileList, "\\"))
+	if (!COM_IsValidPath(pFileList) || COM_IsAbsolutePath(pFileList))
 	{
 		Con_Printf("Unable to open %s (contains illegal characters)\n", pFileList);
 		return;
 	}
+
+	const char *pchExtension = COM_FileExtension(pFileList);
+	if (Q_stricmp(pchExtension, "txt") != 0)
+	{
+		Con_Printf("Invalid motdfile name %s (wrong file extension, must be .txt)\n", pFileList);
+		return;
+	}
+
 	pFile = FS_Open(pFileList, "rb");
 	if (!pFile)
 	{