Lines 77-82
int dzRead (int inlen)
Link Here
|
77 |
return 1; |
77 |
return 1; |
78 |
} |
78 |
} |
79 |
|
79 |
|
|
|
80 |
#define IS_SEP(c) (c == '/' || c == ':' || c == '\\') |
81 |
void scrub_name(char *smee) |
82 |
{ |
83 |
char *paths[] = { "../", "..\\", "..:", NULL}; |
84 |
size_t p, i, len; |
85 |
char scrubit, scrubbed; |
86 |
|
87 |
scrubbed = 0; |
88 |
len = strlen(smee); |
89 |
i = 0; |
90 |
scrubit = 1; |
91 |
|
92 |
/* search the path and scrub out all relative paths */ |
93 |
while (i + 3 < len) { |
94 |
for (p = 0; paths[p]; ++p) { |
95 |
if (scrubit && !strncmp(paths[p], smee+i, 3)) { |
96 |
scrubbed = 1; |
97 |
memset(smee+i, '\0', 3); |
98 |
i += 2; |
99 |
break; |
100 |
} |
101 |
} |
102 |
scrubit = IS_SEP(smee[i]) || smee[i] == '\0'; |
103 |
++i; |
104 |
} |
105 |
|
106 |
if (!scrubbed) |
107 |
return; |
108 |
|
109 |
/* condense the string over all the scrubbed bits */ |
110 |
p = 0; |
111 |
for (i = 0; i < len; ++i) { |
112 |
while (p < len && smee[p] == '\0') |
113 |
++p; |
114 |
if (p == len) { |
115 |
smee[i] = '\0'; |
116 |
break; |
117 |
} |
118 |
smee[i] = smee[p++]; |
119 |
} |
120 |
} |
121 |
|
80 |
int dzReadDirectoryEntry (direntry_t *de) |
122 |
int dzReadDirectoryEntry (direntry_t *de) |
81 |
{ |
123 |
{ |
82 |
char *s; |
124 |
char *s; |
Lines 102-107
int dzReadDirectoryEntry (direntry_t *de
Link Here
|
102 |
s = Dzip_malloc(de->len); |
144 |
s = Dzip_malloc(de->len); |
103 |
dzFile_Read(s, de->len); |
145 |
dzFile_Read(s, de->len); |
104 |
de->name = s; |
146 |
de->name = s; |
|
|
147 |
scrub_name(de->name); |
105 |
if (de->pak && de->type != TYPE_PAK) |
148 |
if (de->pak && de->type != TYPE_PAK) |
106 |
return 1; /* dont mess with dirchar inside pakfiles */ |
149 |
return 1; /* dont mess with dirchar inside pakfiles */ |
107 |
do |
150 |
do |
Lines 244-247
char *FileExtension (char *in)
Link Here
|
244 |
e = in++; |
287 |
e = in++; |
245 |
|
288 |
|
246 |
return e; |
289 |
return e; |
247 |
} |
290 |
} |