| author | Louis Burda <quent.burda@gmail.com> | 2021-07-08 12:22:05 +0200 |
|---|---|---|
| committer | Louis Burda <quent.burda@gmail.com> | 2021-07-08 12:22:05 +0200 |
| commit | 4dbe86d40037375ca873d368da5ca0c080e40afd (patch) | |
| tree | addd93bda4e9996a0df09838ab7b1164a52934dd /src | |
| parent | 560218f16b0d4741364a426809fe5b99a9d8ee48 (diff) | |
add authorization check to list as well so that second exploit cant be used for first flagstore
Diffstat (limited to 'src')
| -rw-r--r-- | src/main.c | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -78,6 +78,12 @@ unlockfile(FILE **f) } int +authorized(char prefix) +{ + return ((prefix == '.') == (loggedin > 0)); +} + +int save_submission(struct parseinfo *info, char *stldata, int stlsize) { char *dirpath = NULL, *infopath = NULL, *modeldir = NULL, @@ -317,7 +323,7 @@ search_cmd(const char *arg) while ((c = fgetc(f)) > 0) { if (c == '\n') { matchlen = 0; - } else if (!matchlen && (c == '.') != loggedin) { + } else if (!matchlen && !authorized(c)) { matchlen = -1; } else if (matchlen >= 0 && c == filename[matchlen]) { matchlen += 1; @@ -346,7 +352,7 @@ search_cmd(const char *arg) while (1) { resp = ask("> Enter %s [q to quit]: ", resp ? "another" : "hash"); - if (strchr(resp, 'q')) break; + if (strchr(resp, 'q') || !*resp) break; if (checkalph(resp, ".abcdef0123456789-") != OK) { ERR("Invalid model id specified\n"); goto exit; @@ -384,6 +390,8 @@ list_cmd(const char *arg) if (*buf && buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0'; + if (!authorized(*buf)) continue; + printf(">> %s\n", buf); path = aprintf("%s/%s/info", resultdir, buf); if ((fn = fopen(path, "r")) && load_info(&info, fn) == OK) { |
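Review bot: `authorized()` in the first hunk has no comment stating the rule it encodes, and the rule is not obvious from the expression: a name starting with '.' is accepted only while `loggedin > 0`, and any other name only while nobody is logged in. I would add above it `/* dot-prefixed entries are private: visible only while logged in; all other entries only while logged out */`. The check looks at login state alone, not at which account owns the entry, so if dot-prefixed entries of several users can end up in the same index, this helper does not separate them; whether that can happen depends on code outside the hunk. If the helper is used only in main.c, declaring it `static` would keep it out of the global namespace.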
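Review bot: In the third hunk (search_cmd prompt loop) the id read into `resp` is checked only against the alphabet `.abcdef0123456789-`, which admits a leading '.', and no `authorized()` call on `resp` is visible. If the code after the `checkalph` block (outside the hunk) builds a path from `resp`, the prefix filter applied to the index scan earlier in search_cmd is not enforced on the value actually used for the lookup. I would add `if (!authorized(*resp)) { ERR("Invalid model id specified\n"); goto exit; }` right after the checkalph block, and reject `.` and `..` explicitly, since both pass the alphabet check. Separately, `strchr(resp, 'q')` dereferences `resp` before any NULL test; whether `ask()` can return NULL is not shown here.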
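Review bot: In the last hunk (list_cmd) an empty index line gets past the new check when nobody is logged in: `*buf` is then '\0', which `authorized()` treats as a non-dot name, so the loop goes on to print `>> ` and open `resultdir//info`. `if (!*buf || !authorized(*buf)) continue;` skips those lines as well. The `continue` sits before `path = aprintf(...)`, so nothing allocated in the visible lines is skipped over. The loop header and any per-iteration cleanup are outside the hunk and should be checked against this new early exit.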
