From 4dbe86d40037375ca873d368da5ca0c080e40afd Mon Sep 17 00:00:00 2001
From: Louis Burda <quent.burda@gmail.com>
Date: Thu, 8 Jul 2021 12:22:05 +0200
Subject: add authorization check to list as well so that second exploit cant
 be used for first flagstore

---
 service/src/main.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'service/src/main.c')

diff --git a/service/src/main.c b/service/src/main.c
index 4b2786d..d84a460 100644
--- a/service/src/main.c
+++ b/service/src/main.c
@@ -77,6 +77,12 @@ unlockfile(FILE **f)
 	}
 }
 
+int
+authorized(char prefix)
+{
+	return ((prefix == '.') == (loggedin > 0));
+}
+
 int
 save_submission(struct parseinfo *info, char *stldata, int stlsize)
 {
@@ -314,7 +320,7 @@ search_cmd(const char *arg)
 	while ((c = fgetc(f)) > 0) {
 		if (c == '\n') {
 			matchlen = 0;
-		} else if (!matchlen && (c == '.') != loggedin) {
+		} else if (!matchlen && !authorized(c)) {
 			matchlen = -1;
 		} else if (matchlen >= 0 && c == filename[matchlen]) {
 			matchlen += 1;
@@ -380,6 +386,8 @@ list_cmd(const char *arg)
 		if (*buf && buf[strlen(buf)-1] == '\n')
 			buf[strlen(buf)-1] = '\0';
 
+		if (!authorized(*buf)) continue;
+
 		printf(">> %s\n", buf);
 		path = aprintf("%s/%s/info", resultdir, buf);
 		if ((fn = fopen(path, "r")) && load_info(&info, fn) == OK) {
-- 
cgit v1.2.3-71-gd317