Skip to content
Permalink
Browse files Browse the repository at this point in the history
Use looks_like_pbl() to disallow .pbl file inclusion (bug #23504)
This function is implemented using case-insensitive pattern matching,
unlike filesystem::ends_with(). I missed this when writing my original
fix, so the vulnerability still applied to .pbl files on a
case-insensitive filesystem (e.g. NTFS and FAT* on Windows) by using
different case to bypass the check.
  • Loading branch information
irydacea committed Jun 17, 2015
1 parent 634d290 commit b2738ff
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 4 deletions.
3 changes: 2 additions & 1 deletion changelog
@@ -1,6 +1,7 @@
Version 1.13.0+dev:
* Security fixes:
* Disallowed inclusion of .pbl files from WML (bug #23504).
* Disallowed inclusion of .pbl files from WML (bug #23504), independent of
file name case.
* AI:
* Fast Micro AI: exclude hidden enemies from attack evaluation by default;
add optional key attack_hidden_enemies to override this
Expand Down
3 changes: 2 additions & 1 deletion players_changelog
Expand Up @@ -4,7 +4,8 @@ changelog: https://github.com/wesnoth/wesnoth/blob/master/changelog

Version 1.13.0+dev:
* Security fixes:
* Disallowed inclusion of .pbl files from WML (bug #23504).
* Disallowed inclusion of .pbl files from WML (bug #23504), independent of
file name case.

* Campaigns:
* Dead Water:
Expand Down
2 changes: 1 addition & 1 deletion src/filesystem.cpp
Expand Up @@ -1008,7 +1008,7 @@ std::string get_wml_location(const std::string &filename, const std::string &cur
return result;
}

if (ends_with(filename, ".pbl")) {
if (looks_like_pbl(filename)) {
ERR_FS << "Illegal path '" << filename << "' (.pbl files are not allowed)." << std::endl;
return result;
}
Expand Down
2 changes: 1 addition & 1 deletion src/filesystem_boost.cpp
Expand Up @@ -1000,7 +1000,7 @@ static bool is_legal_file(const std::string &filename)
return false;
}

if (ends_with(filename, ".pbl")) {
if (looks_like_pbl(filename)) {
ERR_FS << "Illegal path '" << filename << "' (.pbl files are not allowed)." << std::endl;
return false;
}
Expand Down

0 comments on commit b2738ff

Please sign in to comment.