From 99e2a55cec3b055b2eb9f64a534049e0d9bb22ab Mon Sep 17 00:00:00 2001 From: Stanislaw Halik Date: Fri, 2 Dec 2022 16:12:20 +0100 Subject: loader: check atlas name harder 1. don't duplicate checking logic 2. check for ascii null characters in names 3. allow space characters --- loader/atlas.cpp | 2 +- loader/json.cpp | 1 + loader/texture.cpp | 5 ++--- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/loader/atlas.cpp b/loader/atlas.cpp index d7f21ce5..f285d3b1 100644 --- a/loader/atlas.cpp +++ b/loader/atlas.cpp @@ -87,7 +87,7 @@ bool loader_impl::check_atlas_name(StringView str) { if (str.isEmpty()) return false; - if (str.findAny("\\<>&;:^'\" ") || str.find("/.")) + if (str.findAny("\0\\<>&;:^'\""_s) || str.find("/."_s)) return false; if (str[0] == '.' || str[0] == '/') return false; diff --git a/loader/json.cpp b/loader/json.cpp index 77da5905..dbe21d50 100644 --- a/loader/json.cpp +++ b/loader/json.cpp @@ -39,6 +39,7 @@ const std::vector& loader_impl::sceneries() const scenery_proto& loader_impl::scenery(StringView name) noexcept(false) { + fm_soft_assert(check_atlas_name(name)); if (sceneries_array.empty()) get_scenery_list(); auto it = sceneries_map.find(name); diff --git a/loader/texture.cpp b/loader/texture.cpp index 42940af2..6ffcc5d8 100644 --- a/loader/texture.cpp +++ b/loader/texture.cpp @@ -18,9 +18,8 @@ Trade::ImageData2D loader_impl::texture(StringView prefix, StringView filename_) const auto N = prefix.size(); if (N > 0) fm_assert(prefix[N-1] == '/'); - fm_soft_assert(filename_.size() < 4096); - fm_soft_assert(filename_.find('\\') == filename_.end()); - fm_soft_assert(filename_.find('\0') == filename_.end()); + fm_soft_assert(filename_.size() < 512); + fm_soft_assert(check_atlas_name(filename_)); fm_soft_assert(tga_importer); constexpr std::size_t max_extension_length = 16; -- cgit v1.2.3