IOS HLE: More robust escaping of NAND paths

Prevents path traversal without needing an absolute path
function, and also improves accuracy (character sequences
like ../ appear to have no special meaning in IOS).

This removes the creation and usage of /sys/replace,
because the new escapes are too complicated to all
be representable in its format and because no other
NAND handling software seems to use /sys/replace.
This commit is contained in:
JosJuice 2016-11-26 15:39:00 +01:00
parent de355a8521
commit c74c317ab5
9 changed files with 90 additions and 88 deletions

View File

@ -2,10 +2,12 @@
// Licensed under GPLv2+
// Refer to the license.txt file included.
#include <algorithm>
#include <cstdio>
#include <fstream>
#include <stdlib.h>
#include <string>
#include <unordered_set>
#include <utility>
#include "Common/CommonFuncs.h"
@ -117,36 +119,61 @@ bool CheckTitleTIK(u64 _titleID, FromWhichRoot from)
return false;
}
static void CreateReplacementFile(std::string& filename)
std::string EscapeFileName(const std::string& filename)
{
std::ofstream replace;
OpenFStream(replace, filename, std::ios_base::out);
replace << "\" __22__\n";
replace << "* __2a__\n";
// replace << "/ __2f__\n";
replace << ": __3a__\n";
replace << "< __3c__\n";
replace << "> __3e__\n";
replace << "? __3f__\n";
// replace <<"\\ __5c__\n";
replace << "| __7c__\n";
// Prevent paths from containing special names like ., .., ..., ...., and so on
if (std::all_of(filename.begin(), filename.end(), [](char c) { return c == '.'; }))
return ReplaceAll(filename, ".", "__2e__");
// Escape all double underscores since we will use double underscores for our escape sequences
std::string filename_with_escaped_double_underscores = ReplaceAll(filename, "__", "__5f____5f__");
// Escape all other characters that need to be escaped
static const std::unordered_set<char> chars_to_replace = {'\"', '*', '/', ':', '<',
'>', '?', '\\', '|', '\x7f'};
std::string result;
result.reserve(filename_with_escaped_double_underscores.size());
for (char c : filename_with_escaped_double_underscores)
{
if ((c >= 0 && c <= 0x1F) || chars_to_replace.find(c) != chars_to_replace.end())
result.append(StringFromFormat("__%02x__", c));
else
result.push_back(c);
}
return result;
}
void ReadReplacements(replace_v& replacements)
std::string EscapePath(const std::string& path)
{
replacements.clear();
const std::string replace_fname = "/sys/replace";
std::string filename = File::GetUserPath(D_SESSION_WIIROOT_IDX) + replace_fname;
std::vector<std::string> split_strings;
SplitString(path, '/', split_strings);
if (!File::Exists(filename))
CreateReplacementFile(filename);
std::vector<std::string> escaped_split_strings;
escaped_split_strings.reserve(split_strings.size());
for (const std::string& split_string : split_strings)
escaped_split_strings.push_back(EscapeFileName(split_string));
std::ifstream f;
OpenFStream(f, filename, std::ios_base::in);
char letter;
std::string replacement;
return JoinStrings(escaped_split_strings, "/");
}
while (f >> letter >> replacement && replacement.size())
replacements.emplace_back(letter, replacement);
std::string UnescapeFileName(const std::string& filename)
{
std::string result = filename;
size_t pos = 0;
// Replace escape sequences of the format "__3f__" with the ASCII
// character defined by the escape sequence's two hex digits.
while ((pos = result.find("__", pos)) != std::string::npos)
{
u32 character;
if (pos + 6 <= result.size() && result[pos + 4] == '_' && result[pos + 5] == '_')
if (AsciiToHex(result.substr(pos + 2, 2), character))
result.replace(pos, 6, {static_cast<char>(character)});
++pos;
}
return result;
}
}

View File

@ -15,9 +15,6 @@ static const std::string TITLEID_SYSMENU_STRING = "0000000100000002";
namespace Common
{
typedef std::pair<char, std::string> replace_t;
typedef std::vector<replace_t> replace_v;
void InitializeWiiRoot(bool use_temporary);
void ShutdownWiiRoot();
@ -33,5 +30,11 @@ std::string GetTitleDataPath(u64 _titleID, FromWhichRoot from);
std::string GetTitleContentPath(u64 _titleID, FromWhichRoot from);
bool CheckTitleTMD(u64 _titleID, FromWhichRoot from);
bool CheckTitleTIK(u64 _titleID, FromWhichRoot from);
void ReadReplacements(replace_v& replacements);
// Escapes characters that are invalid or have special meanings in the host file system
std::string EscapeFileName(const std::string& filename);
// Escapes characters that are invalid or have special meanings in the host file system
std::string EscapePath(const std::string& path);
// Reverses escaping done by EscapeFileName
std::string UnescapeFileName(const std::string& filename);
}

View File

@ -10,7 +10,9 @@
#include <cstring>
#include <iomanip>
#include <istream>
#include <iterator>
#include <limits.h>
#include <sstream>
#include <string>
#include <vector>
@ -328,6 +330,21 @@ void SplitString(const std::string& str, const char delim, std::vector<std::stri
output.pop_back();
}
std::string JoinStrings(const std::vector<std::string>& strings, const std::string& delimiter)
{
// Check if we can return early, just for speed
if (strings.empty())
return "";
std::stringstream res;
std::copy(strings.begin(), strings.end(),
std::ostream_iterator<std::string>(res, delimiter.c_str()));
// Drop the trailing delimiter.
std::string joined = res.str();
return joined.substr(0, joined.length() - delimiter.length());
}
std::string TabsToSpaces(int tab_size, const std::string& in)
{
const std::string spaces(tab_size, ' ');

View File

@ -106,6 +106,7 @@ bool AsciiToHex(const std::string& _szValue, u32& result);
std::string TabsToSpaces(int tab_size, const std::string& in);
void SplitString(const std::string& str, char delim, std::vector<std::string>& output);
std::string JoinStrings(const std::vector<std::string>& strings, const std::string& delimiter);
// "C:/Windows/winhelp.exe" to "C:/Windows/", "winhelp", ".exe"
bool SplitPath(const std::string& full_path, std::string* _pPath, std::string* _pFilename,

View File

@ -157,24 +157,7 @@ struct DEntry
{
std::string filename = std::string((char*)Makercode, 2) + '-' +
std::string((char*)Gamecode, 4) + '-' + (char*)Filename + ".gci";
static Common::replace_v replacements;
if (replacements.size() == 0)
{
Common::ReadReplacements(replacements);
// Cannot add \r to replacements file due to it being a line ending char
// / might be ok, but we need to verify that this is only used on filenames
// as it is a dir_sep
replacements.push_back(std::make_pair('\r', std::string("__0d__")));
replacements.push_back(std::make_pair('/', std::string("__2f__")));
}
// Replaces chars that FAT32 can't support with strings defined in /sys/replace
for (auto& replacement : replacements)
{
for (size_t j = 0; (j = filename.find(replacement.first, j)) != filename.npos; ++j)
filename.replace(j, 1, replacement.second);
}
return filename;
return Common::EscapeFileName(filename);
}
u8 Gamecode[4]; // 0x00 0x04 Gamecode

View File

@ -30,8 +30,6 @@
#include "Core/HW/WiiSaveCrypted.h"
static Common::replace_v replacements;
const u8 CWiiSaveCrypted::s_sd_key[16] = {0xAB, 0x01, 0xB9, 0xD8, 0xE1, 0x62, 0x2B, 0x08,
0xAF, 0xBA, 0xD8, 0x4D, 0xBF, 0xC2, 0xA5, 0x5D};
const u8 CWiiSaveCrypted::s_md5_blanker[16] = {0x0E, 0x65, 0x37, 0x81, 0x99, 0xBE, 0x45, 0x17,
@ -102,7 +100,6 @@ void CWiiSaveCrypted::ExportAllSaves()
CWiiSaveCrypted::CWiiSaveCrypted(const std::string& filename, u64 title_id)
: m_encrypted_save_path(filename), m_title_id(title_id)
{
Common::ReadReplacements(replacements);
memcpy(m_sd_iv, "\x21\x67\x12\xE6\xAA\x1F\x68\x9F\x95\xC5\xA2\x23\x24\xDC\x6A\x98", 0x10);
if (!title_id) // Import
@ -340,12 +337,8 @@ void CWiiSaveCrypted::ImportWiiSaveFiles()
}
else
{
std::string filename((char*)file_hdr_tmp.name);
for (const Common::replace_t& replacement : replacements)
{
for (size_t j = 0; (j = filename.find(replacement.first, j)) != filename.npos; ++j)
filename.replace(j, 1, replacement.second);
}
std::string filename =
Common::EscapeFileName(reinterpret_cast<const char*>(file_hdr_tmp.name));
std::string file_path_full = m_wii_title_path + filename;
File::CreateFullPath(file_path_full);
@ -388,7 +381,6 @@ void CWiiSaveCrypted::ExportWiiSaveFiles()
for (u32 i = 0; i < m_files_list_size; i++)
{
FileHDR file_hdr_tmp;
std::string name;
memset(&file_hdr_tmp, 0, FILE_HDR_SZ);
u32 file_size = 0;
@ -407,15 +399,8 @@ void CWiiSaveCrypted::ExportWiiSaveFiles()
file_hdr_tmp.size = Common::swap32(file_size);
file_hdr_tmp.Permissions = 0x3c;
name = m_files_list[i].substr(m_wii_title_path.length() + 1);
for (const Common::replace_t& repl : replacements)
{
for (size_t j = 0; (j = name.find(repl.second, j)) != name.npos; ++j)
{
name.replace(j, repl.second.length(), 1, repl.first);
}
}
std::string name =
Common::UnescapeFileName(m_files_list[i].substr(m_wii_title_path.length() + 1));
if (name.length() > 0x44)
{

View File

@ -16,25 +16,16 @@
#include "Core/IPC_HLE/WII_IPC_HLE_Device_FileIO.h"
#include "Core/IPC_HLE/WII_IPC_HLE_Device_fs.h"
static Common::replace_v replacements;
static std::map<std::string, std::weak_ptr<File::IOFile>> openFiles;
// This is used by several of the FileIO and /dev/fs functions
std::string HLE_IPC_BuildFilename(std::string path_wii)
std::string HLE_IPC_BuildFilename(const std::string& wii_path)
{
std::string path_full = File::GetUserPath(D_SESSION_WIIROOT_IDX);
std::string nand_path = File::GetUserPath(D_SESSION_WIIROOT_IDX);
if (wii_path.empty() || wii_path[0] != '/')
return nand_path;
// Replaces chars that FAT32 can't support with strings defined in /sys/replace
for (auto& replacement : replacements)
{
for (size_t j = 0; (j = path_wii.find(replacement.first, j)) != path_wii.npos; ++j)
path_wii.replace(j, 1, replacement.second);
}
path_full += path_wii;
return path_full;
return nand_path + Common::EscapePath(wii_path);
}
void HLE_IPC_CreateVirtualFATFilesystem()
@ -76,7 +67,6 @@ CWII_IPC_HLE_Device_FileIO::CWII_IPC_HLE_Device_FileIO(u32 device_id,
const std::string& device_name)
: IWII_IPC_HLE_Device(device_id, device_name, false) // not a real hardware
{
Common::ReadReplacements(replacements);
}
CWII_IPC_HLE_Device_FileIO::~CWII_IPC_HLE_Device_FileIO()

View File

@ -18,7 +18,7 @@ namespace File
class IOFile;
}
std::string HLE_IPC_BuildFilename(std::string _pFilename);
std::string HLE_IPC_BuildFilename(const std::string& wii_path);
void HLE_IPC_CreateVirtualFATFilesystem();
class CWII_IPC_HLE_Device_FileIO : public IWII_IPC_HLE_Device

View File

@ -22,12 +22,9 @@
#include "Core/IPC_HLE/WII_IPC_HLE_Device_FileIO.h"
#include "Core/IPC_HLE/WII_IPC_HLE_Device_fs.h"
static Common::replace_v replacements;
CWII_IPC_HLE_Device_fs::CWII_IPC_HLE_Device_fs(u32 _DeviceID, const std::string& _rDeviceName)
: IWII_IPC_HLE_Device(_DeviceID, _rDeviceName)
{
Common::ReadReplacements(replacements);
}
CWII_IPC_HLE_Device_fs::~CWII_IPC_HLE_Device_fs()
@ -132,10 +129,9 @@ IPCCommandResult CWII_IPC_HLE_Device_fs::IOCtlV(u32 _CommandAddress)
{
for (File::FSTEntry& child : entry.children)
{
// Decode entities of invalid file system characters so that
// games (such as HP:HBP) will be able to find what they expect.
for (const Common::replace_t& r : replacements)
child.virtualName = ReplaceAll(child.virtualName, r.second, {r.first});
// Decode escaped invalid file system characters so that games (such as
// Harry Potter and the Half-Blood Prince) can find what they expect.
child.virtualName = Common::UnescapeFileName(child.virtualName);
}
std::sort(entry.children.begin(), entry.children.end(),