From 9ab0c25b055f97e97636e743b2fdd74e0e9cea30 Mon Sep 17 00:00:00 2001
From: Jamie Reece Wilson
Date: Sat, 9 Sep 2023 23:09:28 +0100
Subject: [PATCH] [*] Win32 opener: ensure file/dir exists (subject to time of check attack, but its fine to prevent stupid 'open' shellexec exploits. wont save you if io write is available)
---
 Source/Processes/AuOpen.Win32.cpp | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/Source/Processes/AuOpen.Win32.cpp b/Source/Processes/AuOpen.Win32.cpp
index bfcc285d..a761295f 100644
--- a/Source/Processes/AuOpen.Win32.cpp
+++ b/Source/Processes/AuOpen.Win32.cpp
@@ -75,19 +75,48 @@ namespace Aurora::Processes
 void DeinitWin32Opener()
 {
 gOpenerThread->SendExitSignal();
- gCondVariable->Broadcast();
+ gCondVariable->Signal();
 gOpenerThread.reset();
 }
 AUKN_SYM void OpenUri(const AuString &uri)
 {
+ if (AuFS::FileExists(uri))
+ {
+ SysPushErrorGeneric("Exploit attempt? Attempted to open existing file/directory via URI ({})", uri);
+ return;
+ }
+
 AU_LOCK_GUARD(gCondMutex);
 AuTryInsert(gOpenItems, uri);
- gCondVariable->Broadcast();
+ gCondVariable->Signal();
 }
 AUKN_SYM void OpenFile(const AuString &file)
 {
- OpenUri(AuIOFS::NormalizePathRet(file));
+ auto path = AuIOFS::NormalizePathRet(file);
+ bool bFileExists {};
+
+ if (!(bFileExists = AuFS::FileExists(path)) &&
+ !AuFS::DirExists(path))
+ {
+ SysPushErrorGeneric("Exploit attempt? Attempted to open non-existent file/directory. (request: {})", file);
+ return;
+ }
+
+ if (bFileExists)
+ {
+ if (!AuFS::IsFileBlocked(path))
+ {
+ SysPushErrorGeneric("Exploit attempt? Attempted to open untrusted file/directory. (request: {})", file);
+ return;
+ }
+ }
+
+ {
+ AU_LOCK_GUARD(gCondMutex);
+ AuTryInsert(gOpenItems, AuMove(path));
+ gCondVariable->Signal();
+ }
 }
 }
\ No newline at end of file
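Review bot: In OpenFile the new trust check looks inverted: `if (!AuFS::IsFileBlocked(path))` refuses the request as "untrusted" when the file is not reported as blocked, so if IsFileBlocked returns true for files that carry a block mark (its definition is outside this hunk), only marked files would ever reach the opener thread. If that reading is right the condition should be `if (AuFS::IsFileBlocked(path))`; if the helper really has the opposite meaning, a one-line comment stating what it returns would settle it. Separately, the OpenUri guard tests only `AuFS::FileExists(uri)` although its message says "file/directory", so an existing directory is still queued; `if (AuFS::FileExists(uri) || AuFS::DirExists(uri))` would match both the message and the checks in OpenFile. Both checks run before the item is queued for the opener thread, so, as the commit message itself notes, they narrow the gap between check and open rather than close it.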