Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed security checking of collection files to avoid xml bombs

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6634 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2013-08-28 19:10:55 +00:00
parent a7af0516e7
commit 2109c05d26
1 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
retroshare-gui/src/gui/common/RsCollectionFile.cpp
View File

@ -159,7 +159,7 @@ RsCollectionFile::RsCollectionFile(const std::vector<DirDetails>& file_infos)
static void showErrorBox(const QString& filename, const QString& error)
{
QMessageBox mb(QMessageBox::Warning, QObject::tr("Failed to process collection file"), QObject::tr("The collection file %1 could not be opened.\nReported error is: %2").arg(filename).arg(error), QMessageBox::Ok);
QMessageBox mb(QMessageBox::Warning, QObject::tr("Failed to process collection file"), QObject::tr("The collection file %1 could not be opened.\nReported error is: \n\n%2").arg(filename).arg(error), QMessageBox::Ok);
mb.setWindowIcon(QIcon(":/images/rstray3.png"));
mb.exec();
}
@ -177,6 +177,58 @@ bool RsCollectionFile::load(const QString& filename, bool showError /* = true*/)
return false;
}
// check that the file is a valid rscollection file, and not a lol bomb or some shit like this
std::cerr << "Checking this file for bomb elements and various wrong stuff" << std::endl;
FILE *f = fopen(filename.toStdString().c_str(),"r") ;
char c ;
std::vector<std::string> bad_strings ;
bad_strings.push_back(std::string("<!entity ")) ;
static const int max_size = 12 ; // should be as large as the largest element in bad_strings
char current[max_size] = { 0,0,0,0,0,0,0,0,0,0,0,0 } ;
int n=0 ;
while( (c = fgetc(f)) != EOF || n >= 0)
{
if(c == '\t' || c == '\n' || c == '\b' || c == '\r')
continue ;
if(n == max_size || c==EOF)
for(int i=0;i<n-1;++i)
current[i] = current[i+1] ;
if(n == max_size)
--n ;
if(c >= 'A' && c <= 'Z') c += 'a' - 'A' ;
if(c != EOF)
current[n] = c ;
else
current[n] = 0 ;
//std::cerr << "n==" << n <<" Checking string " << std::string(current,n+1) << " c = " << std::hex << (int)c << std::dec << std::endl;
for(int i=0;i<bad_strings.size();++i)
if(std::string(current,bad_strings[i].length()) == bad_strings[i])
{
showErrorBox(filename, QApplication::translate("RsCollectionFile", "This file contains the string \"%1\" and is therefore an invalid collection file. \n\nIf you believe it is correct, remove the corresponding line from the file and re-open it with Retroshare.").arg(bad_strings[i].c_str()));
return false ;
//std::cerr << "Bad string detected" << std::endl;
}
if(c == EOF)
n-- ;
else if(n < max_size)
n++ ;
}
fclose(f) ;
// std::cerr << "File is clean!" << std::endl;
// return false ;
bool ok = _xml_doc.setContent(&file) ;
file.close();