Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #8886: Don't try to resolve folders within tars named '.' #8893

Merged
merged 1 commit into from Mar 28, 2021

Conversation

LordAro
Copy link
Member

@LordAro LordAro commented Mar 25, 2021

Motivation / Problem

Through mildly nefarious means, you can create a tar that has a "root folder" named .. In standard file systems, this is the current directory. But OTTD (without the tar filename to realise it's supposed to be within a tarfile, falls back to the standard directory resolving, which includes the the current directory, and can cause OTTD to try to load text files from that directory, rather than from within the tar

#8006 is beneficial here too, though no longer required for #8886

Description

Resolve the . (by ignoring it). This causes OTTD to not be able to find the grf/content item, which means it can't try to access textfiles in the wrong directory.

Limitations

Might want to add some sort of debug output for when this occurs? It's currently very unclear why a GRF has been silently rejected.
It should be noted that this cannot be "exploited" by bananas-downloaded content, as it would be rejected at that level.

Checklist for review

Some things are not automated, and forgotten often. This list is a reminder for the reviewers.

  • The bug fix is important enough to be backported? (label: 'backport requested')
  • This PR affects the save game format? (label 'savegame upgrade')
  • This PR affects the GS/AI API? (label 'needs review: Script API')
    • ai_changelog.hpp, gs_changelog.hpp need updating.
    • The compatibility wrappers (compat_*.nut) need updating.
  • This PR affects the NewGRF API? (label 'needs review: NewGRF')

@LordAro LordAro added the backport requested label Mar 25, 2021
src/fileio.cpp Outdated Show resolved Hide resolved
@LordAro LordAro merged commit 2d7b34b into OpenTTD:master Mar 28, 2021
12 checks passed
@LordAro LordAro deleted the bug8886 branch Mar 28, 2021
@TrueBrain TrueBrain added backported and removed backport requested labels Apr 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backported
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants