Don't load libraries with non-standard file extensions

Also don't allow writting files ending in a library extension such as ".so.0" or ".dylib.0".
2017-05-24 09:17:39 -05:00 · 2017-05-24 09:17:39 -05:00 · 05858d30e8
commit 05858d30e8
parent fbada2caf6
6 changed files with 64 additions and 11 deletions
--- a/code/sys/sys_main.c
+++ b/code/sys/sys_main.c
@ -499,11 +499,10 @@ from executable path, then fs_basepath.
 void *Sys_LoadDll(const char *name, qboolean useSystemLib)
 {
 	void *dllhandle;
-	
-	// Don't load any DLLs that end with the pk3 extension
-	if (COM_CompareExtension(name, ".pk3"))
+
+	if(!Sys_DllExtension(name))
 	{
-		Com_Printf("Rejecting DLL named \"%s\"", name);
+		Com_Printf("Refusing to attempt to load library \"%s\": Extension not allowed.\n", name);
 		return NULL;
 	}

@ -561,6 +560,12 @@ void *Sys_LoadGameDll(const char *name,

 	assert(name);

+	if(!Sys_DllExtension(name))
+	{
+		Com_Printf("Refusing to attempt to load library \"%s\": Extension not allowed.\n", name);
+		return NULL;
+	}
+
 	Com_Printf( "Loading DLL file: %s\n", name);
 	libHandle = Sys_LoadLibrary(name);

--- a/code/sys/sys_unix.c
+++ b/code/sys/sys_unix.c
@ -912,3 +912,44 @@ qboolean Sys_PIDIsRunning( int pid )
 {
 	return kill( pid, 0 ) == 0;
 }
+
+/*
+=================
+Sys_DllExtension
+
+Check if filename should be allowed to be loaded as a DLL.
+=================
+*/
+qboolean Sys_DllExtension( const char *name ) {
+	const char *p;
+	char c = 0;
+
+	if ( COM_CompareExtension( name, DLL_EXT ) ) {
+		return qtrue;
+	}
+
+	// Check for format of filename.so.1.2.3
+	p = strstr( name, DLL_EXT "." );
+
+	if ( p ) {
+		p += strlen( DLL_EXT );
+
+		// Check if .so is only followed for periods and numbers.
+		while ( *p ) {
+			c = *p;
+
+			if ( !isdigit( c ) && c != '.' ) {
+				return qfalse;
+			}
+
+			p++;
+		}
+
+		// Don't allow filename to end in a period. file.so., file.so.0., etc
+		if ( c != '.' ) {
+			return qtrue;
+		}
+	}
+
+	return qfalse;
+}
--- a/code/sys/sys_win32.c
+++ b/code/sys/sys_win32.c
@ -842,3 +842,14 @@ qboolean Sys_PIDIsRunning( int pid )

 	return qfalse;
 }
+
+/*
+=================
+Sys_DllExtension
+
+Check if filename should be allowed to be loaded as a DLL.
+=================
+*/
+qboolean Sys_DllExtension( const char *name ) {
+	return COM_CompareExtension( name, DLL_EXT );
+}