From 12a2f30f47b09f81a828455a73ddb4dcc47403c4 Mon Sep 17 00:00:00 2001 From: Jamie Reece Wilson Date: Sat, 9 Sep 2023 23:57:01 +0100 Subject: [PATCH] [*] 9ab0c25b but for UNIX --- Source/Processes/AuOpen.Unix.cpp | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/Source/Processes/AuOpen.Unix.cpp b/Source/Processes/AuOpen.Unix.cpp index 621e231b..76bc400f 100644 --- a/Source/Processes/AuOpen.Unix.cpp +++ b/Source/Processes/AuOpen.Unix.cpp @@ -26,11 +26,36 @@ namespace Aurora::Processes AUKN_SYM void OpenUri(const AuString &uri) { + if (AuFS::FileExists(uri)) + { + SysPushErrorGeneric("Exploit attempt? Attempted to open existing file/directory via URI ({})", uri); + return; + } + UnixOpenAsync(uri); } AUKN_SYM void OpenFile(const AuString &file) { - UnixOpenAsync(IO::FS::NormalizePathRet(file)); + auto path = AuIOFS::NormalizePathRet(file); + bool bFileExists {}; + + if (!(bFileExists = AuFS::FileExists(path)) && + !AuFS::DirExists(path)) + { + SysPushErrorGeneric("Exploit attempt? Attempted to open non-existent file/directory. (request: {})", file); + return; + } + + if (bFileExists) + { + if (!AuFS::IsFileBlocked(path)) + { + SysPushErrorGeneric("Exploit attempt? Attempted to open untrusted file/directory. (request: {})", file); + return; + } + } + + UnixOpenAsync(path); } } \ No newline at end of file