Core/PlayerDump: Add config to disallow overwriting existing files and usage of paths in player dump write to prevent local exploits

Shocker
2011-10-08 16:56:04 +03:00
parent 40ed37c1e7
commit 0b243dfd9b
4 changed files with 29 additions and 0 deletions


@@ -352,6 +352,15 @@ bool PlayerDumpWriter::GetDump(uint32 guid, std::string &dump)
DumpReturn PlayerDumpWriter::WriteDump(const std::string& file, uint32 guid)
{
if (sWorld->getBoolConfig(CONFIG_PDUMP_NO_PATHS))
if (strstr(file.c_str(), "\\") || strstr(file.c_str(), "/"))
return DUMP_FILE_OPEN_ERROR;
if (sWorld->getBoolConfig(CONFIG_PDUMP_NO_OVERWRITE))
if (FILE* f = fopen(file.c_str(), "r"))
{
fclose(f);
return DUMP_FILE_OPEN_ERROR;
}
FILE* fout = fopen(file.c_str(), "w");
if (!fout)
return DUMP_FILE_OPEN_ERROR;
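Review bot: The overwrite guard in WriteDump is a check-then-open sequence and therefore not atomic: between the probing `fopen(file.c_str(), "r")` and the later `fopen(file.c_str(), "w")` the name can come into existence, and a file that exists but is not readable by the server account passes the probe and is then truncated. Creating the file exclusively in a single call closes both gaps, e.g. `FILE* fout = fopen(file.c_str(), sWorld->getBoolConfig(CONFIG_PDUMP_NO_OVERWRITE) ? "wx" : "w");` where the C11 `x` mode is available, or `open()` with `O_CREAT | O_EXCL` followed by `fdopen()` where it is not. Separately, the path check is a deny-list of two separator characters; an allow-list of permitted filename characters would also reject names such as a Windows drive-relative `C:name`, which contains neither separator. WriteDump's body continues past the end of this hunk, so the handling of `fout` after the open is not visible here.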


@@ -1189,6 +1189,10 @@ void World::LoadConfigSettings(bool reload)
// MySQL ping time interval
m_int_configs[CONFIG_DB_PING_INTERVAL] = ConfigMgr::GetIntDefault("MaxPingTime", 30);
// misc
m_bool_configs[CONFIG_PDUMP_NO_PATHS] = ConfigMgr::GetBoolDefault("PlayerDump.DisallowPaths", true);
m_bool_configs[CONFIG_PDUMP_NO_OVERWRITE] = ConfigMgr::GetBoolDefault("PlayerDump.DisallowOverwrite", true);
sScriptMgr->OnConfigLoad(reload);
}


@@ -158,6 +158,8 @@ enum WorldBoolConfigs
CONFIG_ALLOW_TICKETS,
CONFIG_DBC_ENFORCE_ITEM_ATTRIBUTES,
CONFIG_PRESERVE_CUSTOM_CHANNELS,
CONFIG_PDUMP_NO_PATHS,
CONFIG_PDUMP_NO_OVERWRITE,
BOOL_CONFIG_VALUE_COUNT
};


@@ -2769,5 +2769,19 @@ LevelReq.Auction = 1
LevelReq.Mail = 1
#
# PlayerDump.DisallowPaths
# Description: Disallow using paths in PlayerDump output files
# Default: 1
PlayerDump.DisallowPaths = 1
#
# PlayerDump.DisallowOverwrite
# Description: Disallow overwriting existing files with PlayerDump
# Default: 1
PlayerDump.DisallowOverwrite = 1
#
###################################################################################################
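Review bot: The two new option blocks do not say what setting them to 0 permits, and that is the security-relevant part: per the commit title, both defaults exist to stop the player dump write from being used for local exploits. I would spell out both values, e.g. `#        Default:     1 - (Reject file names containing a path)` and `#                     0 - (Allow paths; the dump can be written wherever the server account can write)`, with the equivalent pair for `PlayerDump.DisallowOverwrite`. A one-line comment that both should stay at 1 unless only trusted accounts can trigger a dump write would help administrators who edit this file without reading the commit.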