IOS HLE: More robust escaping of NAND paths
Prevents path traversal without needing an absolute path function, and also improves accuracy (character sequences like ../ appear to have no special meaning in IOS). This removes the creation and usage of /sys/replace, because the new escapes are too complicated to all be representable in its format and because no other NAND handling software seems to use /sys/replace.
This commit is contained in:
parent
de355a8521
commit
c74c317ab5
|
@ -2,10 +2,12 @@
|
|||
// Licensed under GPLv2+
|
||||
// Refer to the license.txt file included.
|
||||
|
||||
#include <algorithm>
|
||||
#include <cstdio>
|
||||
#include <fstream>
|
||||
#include <stdlib.h>
|
||||
#include <string>
|
||||
#include <unordered_set>
|
||||
#include <utility>
|
||||
|
||||
#include "Common/CommonFuncs.h"
|
||||
|
@ -117,36 +119,61 @@ bool CheckTitleTIK(u64 _titleID, FromWhichRoot from)
|
|||
return false;
|
||||
}
|
||||
|
||||
static void CreateReplacementFile(std::string& filename)
|
||||
std::string EscapeFileName(const std::string& filename)
|
||||
{
|
||||
std::ofstream replace;
|
||||
OpenFStream(replace, filename, std::ios_base::out);
|
||||
replace << "\" __22__\n";
|
||||
replace << "* __2a__\n";
|
||||
// replace << "/ __2f__\n";
|
||||
replace << ": __3a__\n";
|
||||
replace << "< __3c__\n";
|
||||
replace << "> __3e__\n";
|
||||
replace << "? __3f__\n";
|
||||
// replace <<"\\ __5c__\n";
|
||||
replace << "| __7c__\n";
|
||||
// Prevent paths from containing special names like ., .., ..., ...., and so on
|
||||
if (std::all_of(filename.begin(), filename.end(), [](char c) { return c == '.'; }))
|
||||
return ReplaceAll(filename, ".", "__2e__");
|
||||
|
||||
// Escape all double underscores since we will use double underscores for our escape sequences
|
||||
std::string filename_with_escaped_double_underscores = ReplaceAll(filename, "__", "__5f____5f__");
|
||||
|
||||
// Escape all other characters that need to be escaped
|
||||
static const std::unordered_set<char> chars_to_replace = {'\"', '*', '/', ':', '<',
|
||||
'>', '?', '\\', '|', '\x7f'};
|
||||
std::string result;
|
||||
result.reserve(filename_with_escaped_double_underscores.size());
|
||||
for (char c : filename_with_escaped_double_underscores)
|
||||
{
|
||||
if ((c >= 0 && c <= 0x1F) || chars_to_replace.find(c) != chars_to_replace.end())
|
||||
result.append(StringFromFormat("__%02x__", c));
|
||||
else
|
||||
result.push_back(c);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
void ReadReplacements(replace_v& replacements)
|
||||
std::string EscapePath(const std::string& path)
|
||||
{
|
||||
replacements.clear();
|
||||
const std::string replace_fname = "/sys/replace";
|
||||
std::string filename = File::GetUserPath(D_SESSION_WIIROOT_IDX) + replace_fname;
|
||||
std::vector<std::string> split_strings;
|
||||
SplitString(path, '/', split_strings);
|
||||
|
||||
if (!File::Exists(filename))
|
||||
CreateReplacementFile(filename);
|
||||
std::vector<std::string> escaped_split_strings;
|
||||
escaped_split_strings.reserve(split_strings.size());
|
||||
for (const std::string& split_string : split_strings)
|
||||
escaped_split_strings.push_back(EscapeFileName(split_string));
|
||||
|
||||
std::ifstream f;
|
||||
OpenFStream(f, filename, std::ios_base::in);
|
||||
char letter;
|
||||
std::string replacement;
|
||||
return JoinStrings(escaped_split_strings, "/");
|
||||
}
|
||||
|
||||
while (f >> letter >> replacement && replacement.size())
|
||||
replacements.emplace_back(letter, replacement);
|
||||
std::string UnescapeFileName(const std::string& filename)
|
||||
{
|
||||
std::string result = filename;
|
||||
size_t pos = 0;
|
||||
|
||||
// Replace escape sequences of the format "__3f__" with the ASCII
|
||||
// character defined by the escape sequence's two hex digits.
|
||||
while ((pos = result.find("__", pos)) != std::string::npos)
|
||||
{
|
||||
u32 character;
|
||||
if (pos + 6 <= result.size() && result[pos + 4] == '_' && result[pos + 5] == '_')
|
||||
if (AsciiToHex(result.substr(pos + 2, 2), character))
|
||||
result.replace(pos, 6, {static_cast<char>(character)});
|
||||
|
||||
++pos;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,9 +15,6 @@ static const std::string TITLEID_SYSMENU_STRING = "0000000100000002";
|
|||
|
||||
namespace Common
|
||||
{
|
||||
typedef std::pair<char, std::string> replace_t;
|
||||
typedef std::vector<replace_t> replace_v;
|
||||
|
||||
void InitializeWiiRoot(bool use_temporary);
|
||||
void ShutdownWiiRoot();
|
||||
|
||||
|
@ -33,5 +30,11 @@ std::string GetTitleDataPath(u64 _titleID, FromWhichRoot from);
|
|||
std::string GetTitleContentPath(u64 _titleID, FromWhichRoot from);
|
||||
bool CheckTitleTMD(u64 _titleID, FromWhichRoot from);
|
||||
bool CheckTitleTIK(u64 _titleID, FromWhichRoot from);
|
||||
void ReadReplacements(replace_v& replacements);
|
||||
|
||||
// Escapes characters that are invalid or have special meanings in the host file system
|
||||
std::string EscapeFileName(const std::string& filename);
|
||||
// Escapes characters that are invalid or have special meanings in the host file system
|
||||
std::string EscapePath(const std::string& path);
|
||||
// Reverses escaping done by EscapeFileName
|
||||
std::string UnescapeFileName(const std::string& filename);
|
||||
}
|
||||
|
|
|
@ -10,7 +10,9 @@
|
|||
#include <cstring>
|
||||
#include <iomanip>
|
||||
#include <istream>
|
||||
#include <iterator>
|
||||
#include <limits.h>
|
||||
#include <sstream>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
|
@ -328,6 +330,21 @@ void SplitString(const std::string& str, const char delim, std::vector<std::stri
|
|||
output.pop_back();
|
||||
}
|
||||
|
||||
std::string JoinStrings(const std::vector<std::string>& strings, const std::string& delimiter)
|
||||
{
|
||||
// Check if we can return early, just for speed
|
||||
if (strings.empty())
|
||||
return "";
|
||||
|
||||
std::stringstream res;
|
||||
std::copy(strings.begin(), strings.end(),
|
||||
std::ostream_iterator<std::string>(res, delimiter.c_str()));
|
||||
|
||||
// Drop the trailing delimiter.
|
||||
std::string joined = res.str();
|
||||
return joined.substr(0, joined.length() - delimiter.length());
|
||||
}
|
||||
|
||||
std::string TabsToSpaces(int tab_size, const std::string& in)
|
||||
{
|
||||
const std::string spaces(tab_size, ' ');
|
||||
|
|
|
@ -106,6 +106,7 @@ bool AsciiToHex(const std::string& _szValue, u32& result);
|
|||
std::string TabsToSpaces(int tab_size, const std::string& in);
|
||||
|
||||
void SplitString(const std::string& str, char delim, std::vector<std::string>& output);
|
||||
std::string JoinStrings(const std::vector<std::string>& strings, const std::string& delimiter);
|
||||
|
||||
// "C:/Windows/winhelp.exe" to "C:/Windows/", "winhelp", ".exe"
|
||||
bool SplitPath(const std::string& full_path, std::string* _pPath, std::string* _pFilename,
|
||||
|
|
|
@ -157,24 +157,7 @@ struct DEntry
|
|||
{
|
||||
std::string filename = std::string((char*)Makercode, 2) + '-' +
|
||||
std::string((char*)Gamecode, 4) + '-' + (char*)Filename + ".gci";
|
||||
static Common::replace_v replacements;
|
||||
if (replacements.size() == 0)
|
||||
{
|
||||
Common::ReadReplacements(replacements);
|
||||
// Cannot add \r to replacements file due to it being a line ending char
|
||||
// / might be ok, but we need to verify that this is only used on filenames
|
||||
// as it is a dir_sep
|
||||
replacements.push_back(std::make_pair('\r', std::string("__0d__")));
|
||||
replacements.push_back(std::make_pair('/', std::string("__2f__")));
|
||||
}
|
||||
|
||||
// Replaces chars that FAT32 can't support with strings defined in /sys/replace
|
||||
for (auto& replacement : replacements)
|
||||
{
|
||||
for (size_t j = 0; (j = filename.find(replacement.first, j)) != filename.npos; ++j)
|
||||
filename.replace(j, 1, replacement.second);
|
||||
}
|
||||
return filename;
|
||||
return Common::EscapeFileName(filename);
|
||||
}
|
||||
|
||||
u8 Gamecode[4]; // 0x00 0x04 Gamecode
|
||||
|
|
|
@ -30,8 +30,6 @@
|
|||
|
||||
#include "Core/HW/WiiSaveCrypted.h"
|
||||
|
||||
static Common::replace_v replacements;
|
||||
|
||||
const u8 CWiiSaveCrypted::s_sd_key[16] = {0xAB, 0x01, 0xB9, 0xD8, 0xE1, 0x62, 0x2B, 0x08,
|
||||
0xAF, 0xBA, 0xD8, 0x4D, 0xBF, 0xC2, 0xA5, 0x5D};
|
||||
const u8 CWiiSaveCrypted::s_md5_blanker[16] = {0x0E, 0x65, 0x37, 0x81, 0x99, 0xBE, 0x45, 0x17,
|
||||
|
@ -102,7 +100,6 @@ void CWiiSaveCrypted::ExportAllSaves()
|
|||
CWiiSaveCrypted::CWiiSaveCrypted(const std::string& filename, u64 title_id)
|
||||
: m_encrypted_save_path(filename), m_title_id(title_id)
|
||||
{
|
||||
Common::ReadReplacements(replacements);
|
||||
memcpy(m_sd_iv, "\x21\x67\x12\xE6\xAA\x1F\x68\x9F\x95\xC5\xA2\x23\x24\xDC\x6A\x98", 0x10);
|
||||
|
||||
if (!title_id) // Import
|
||||
|
@ -340,12 +337,8 @@ void CWiiSaveCrypted::ImportWiiSaveFiles()
|
|||
}
|
||||
else
|
||||
{
|
||||
std::string filename((char*)file_hdr_tmp.name);
|
||||
for (const Common::replace_t& replacement : replacements)
|
||||
{
|
||||
for (size_t j = 0; (j = filename.find(replacement.first, j)) != filename.npos; ++j)
|
||||
filename.replace(j, 1, replacement.second);
|
||||
}
|
||||
std::string filename =
|
||||
Common::EscapeFileName(reinterpret_cast<const char*>(file_hdr_tmp.name));
|
||||
|
||||
std::string file_path_full = m_wii_title_path + filename;
|
||||
File::CreateFullPath(file_path_full);
|
||||
|
@ -388,7 +381,6 @@ void CWiiSaveCrypted::ExportWiiSaveFiles()
|
|||
for (u32 i = 0; i < m_files_list_size; i++)
|
||||
{
|
||||
FileHDR file_hdr_tmp;
|
||||
std::string name;
|
||||
memset(&file_hdr_tmp, 0, FILE_HDR_SZ);
|
||||
|
||||
u32 file_size = 0;
|
||||
|
@ -407,15 +399,8 @@ void CWiiSaveCrypted::ExportWiiSaveFiles()
|
|||
file_hdr_tmp.size = Common::swap32(file_size);
|
||||
file_hdr_tmp.Permissions = 0x3c;
|
||||
|
||||
name = m_files_list[i].substr(m_wii_title_path.length() + 1);
|
||||
|
||||
for (const Common::replace_t& repl : replacements)
|
||||
{
|
||||
for (size_t j = 0; (j = name.find(repl.second, j)) != name.npos; ++j)
|
||||
{
|
||||
name.replace(j, repl.second.length(), 1, repl.first);
|
||||
}
|
||||
}
|
||||
std::string name =
|
||||
Common::UnescapeFileName(m_files_list[i].substr(m_wii_title_path.length() + 1));
|
||||
|
||||
if (name.length() > 0x44)
|
||||
{
|
||||
|
|
|
@ -16,25 +16,16 @@
|
|||
#include "Core/IPC_HLE/WII_IPC_HLE_Device_FileIO.h"
|
||||
#include "Core/IPC_HLE/WII_IPC_HLE_Device_fs.h"
|
||||
|
||||
static Common::replace_v replacements;
|
||||
|
||||
static std::map<std::string, std::weak_ptr<File::IOFile>> openFiles;
|
||||
|
||||
// This is used by several of the FileIO and /dev/fs functions
|
||||
std::string HLE_IPC_BuildFilename(std::string path_wii)
|
||||
std::string HLE_IPC_BuildFilename(const std::string& wii_path)
|
||||
{
|
||||
std::string path_full = File::GetUserPath(D_SESSION_WIIROOT_IDX);
|
||||
std::string nand_path = File::GetUserPath(D_SESSION_WIIROOT_IDX);
|
||||
if (wii_path.empty() || wii_path[0] != '/')
|
||||
return nand_path;
|
||||
|
||||
// Replaces chars that FAT32 can't support with strings defined in /sys/replace
|
||||
for (auto& replacement : replacements)
|
||||
{
|
||||
for (size_t j = 0; (j = path_wii.find(replacement.first, j)) != path_wii.npos; ++j)
|
||||
path_wii.replace(j, 1, replacement.second);
|
||||
}
|
||||
|
||||
path_full += path_wii;
|
||||
|
||||
return path_full;
|
||||
return nand_path + Common::EscapePath(wii_path);
|
||||
}
|
||||
|
||||
void HLE_IPC_CreateVirtualFATFilesystem()
|
||||
|
@ -76,7 +67,6 @@ CWII_IPC_HLE_Device_FileIO::CWII_IPC_HLE_Device_FileIO(u32 device_id,
|
|||
const std::string& device_name)
|
||||
: IWII_IPC_HLE_Device(device_id, device_name, false) // not a real hardware
|
||||
{
|
||||
Common::ReadReplacements(replacements);
|
||||
}
|
||||
|
||||
CWII_IPC_HLE_Device_FileIO::~CWII_IPC_HLE_Device_FileIO()
|
||||
|
|
|
@ -18,7 +18,7 @@ namespace File
|
|||
class IOFile;
|
||||
}
|
||||
|
||||
std::string HLE_IPC_BuildFilename(std::string _pFilename);
|
||||
std::string HLE_IPC_BuildFilename(const std::string& wii_path);
|
||||
void HLE_IPC_CreateVirtualFATFilesystem();
|
||||
|
||||
class CWII_IPC_HLE_Device_FileIO : public IWII_IPC_HLE_Device
|
||||
|
|
|
@ -22,12 +22,9 @@
|
|||
#include "Core/IPC_HLE/WII_IPC_HLE_Device_FileIO.h"
|
||||
#include "Core/IPC_HLE/WII_IPC_HLE_Device_fs.h"
|
||||
|
||||
static Common::replace_v replacements;
|
||||
|
||||
CWII_IPC_HLE_Device_fs::CWII_IPC_HLE_Device_fs(u32 _DeviceID, const std::string& _rDeviceName)
|
||||
: IWII_IPC_HLE_Device(_DeviceID, _rDeviceName)
|
||||
{
|
||||
Common::ReadReplacements(replacements);
|
||||
}
|
||||
|
||||
CWII_IPC_HLE_Device_fs::~CWII_IPC_HLE_Device_fs()
|
||||
|
@ -132,10 +129,9 @@ IPCCommandResult CWII_IPC_HLE_Device_fs::IOCtlV(u32 _CommandAddress)
|
|||
{
|
||||
for (File::FSTEntry& child : entry.children)
|
||||
{
|
||||
// Decode entities of invalid file system characters so that
|
||||
// games (such as HP:HBP) will be able to find what they expect.
|
||||
for (const Common::replace_t& r : replacements)
|
||||
child.virtualName = ReplaceAll(child.virtualName, r.second, {r.first});
|
||||
// Decode escaped invalid file system characters so that games (such as
|
||||
// Harry Potter and the Half-Blood Prince) can find what they expect.
|
||||
child.virtualName = Common::UnescapeFileName(child.virtualName);
|
||||
}
|
||||
|
||||
std::sort(entry.children.begin(), entry.children.end(),
|
||||
|
|
Loading…
Reference in New Issue