Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NetPlay: Check file names when receiving GCI folder #9759

Merged
merged 1 commit into from May 31, 2021
Merged

NetPlay: Check file names when receiving GCI folder #9759

merged 1 commit into from May 31, 2021

Conversation

Techjar
Copy link
Contributor

@Techjar Techjar commented May 28, 2021
edited

A sort of follow-up to #9754. Has not yet been tested.

Dentomologist
Dentomologist reviewed May 28, 2021
View reviewed changes
Source/Core/Common/NandPaths.cpp Outdated Show resolved Hide resolved
Source/Core/Common/NandPaths.cpp Outdated Show resolved Hide resolved
@AdmiralCurtiss
Copy link
Contributor

Admittedly this would require a larger rewrite, but... what is the benefit of syncing individual GCI filenames? Wouldn't it be far easier (and likely more consistent, when you think about things like file order returned when iterating through a directory and the like) to just build a raw memory card in memory on the host, and then sync that?

@Techjar
Copy link
Contributor Author

Techjar commented May 28, 2021

That doesn't really sound easier. Not only does it make the save syncing code more complex, it also means we have to worry about extracting the raw memory card back to the host's GCI folder if write saves is enabled.

@Techjar Techjar force-pushed the netplay-sanitize-gci branch 2 times, most recently from 61080c5 to e5b3ae1 Compare May 29, 2021 06:13
@Pokechu22
Copy link
Contributor

Since / and \ are escaped, path traversal attacks shouldn't be possible, which is good. However, it might be good to also treat empty file names as invalid (this might already be handled by the !std::all_of check, but it could be made explicit). Windows also has some file name restrictions but those are probably not worth worrying about.

@JosJuice JosJuice merged commit c404452 into dolphin-emu:master May 31, 2021
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lioncash lioncash lioncash left review comments

@Dentomologist Dentomologist Dentomologist left review comments

@JosJuice JosJuice JosJuice approved these changes

@Pokechu22 Pokechu22 Pokechu22 approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
6 participants
@Techjar @AdmiralCurtiss @Pokechu22 @lioncash @JosJuice @Dentomologist