From 4dbe86d40037375ca873d368da5ca0c080e40afd Mon Sep 17 00:00:00 2001 From: Louis Burda Date: Thu, 8 Jul 2021 12:22:05 +0200 Subject: add authorization check to list as well so that second exploit cant be used for first flagstore --- src/main.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/main.c b/src/main.c index b639f6a..ff04849 100644 --- a/src/main.c +++ b/src/main.c @@ -77,6 +77,12 @@ unlockfile(FILE **f) } } +int +authorized(char prefix) +{ + return ((prefix == '.') == (loggedin > 0)); +} + int save_submission(struct parseinfo *info, char *stldata, int stlsize) { @@ -317,7 +323,7 @@ search_cmd(const char *arg) while ((c = fgetc(f)) > 0) { if (c == '\n') { matchlen = 0; - } else if (!matchlen && (c == '.') != loggedin) { + } else if (!matchlen && !authorized(c)) { matchlen = -1; } else if (matchlen >= 0 && c == filename[matchlen]) { matchlen += 1; @@ -346,7 +352,7 @@ search_cmd(const char *arg) while (1) { resp = ask("> Enter %s [q to quit]: ", resp ? "another" : "hash"); - if (strchr(resp, 'q')) break; + if (strchr(resp, 'q') || !*resp) break; if (checkalph(resp, ".abcdef0123456789-") != OK) { ERR("Invalid model id specified\n"); goto exit; @@ -384,6 +390,8 @@ list_cmd(const char *arg) if (*buf && buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0'; + if (!authorized(*buf)) continue; + printf(">> %s\n", buf); path = aprintf("%s/%s/info", resultdir, buf); if ((fn = fopen(path, "r")) && load_info(&info, fn) == OK) { -- cgit v1.2.3-71-gd317