Core/PlayerDump: Add config to disallow overwriting existing files and usage of paths in player dump write to prevent local exploits

author: Shocker <shocker@freakz.ro> 2011-10-08 16:56:04 +0300
committer: Shocker <shocker@freakz.ro> 2011-10-08 16:56:04 +0300
commit: 0b243dfd9b789437fcb9b1a39bcb385417548550 (patch)
tree: 8cce9f7a9c282703d98f8ab6358b339572a18e57 /src/server/game/Tools
parent: 40ed37c1e73bcd1e4d7e48310591e082b82690e0 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/server/game/Tools/PlayerDump.cpp b/src/server/game/Tools/PlayerDump.cpp
index 8f888f8fb85..92fa001fe46 100644
--- a/src/server/game/Tools/PlayerDump.cpp
+++ b/src/server/game/Tools/PlayerDump.cpp
@@ -352,6 +352,15 @@ bool PlayerDumpWriter::GetDump(uint32 guid, std::string &dump)
 
 DumpReturn PlayerDumpWriter::WriteDump(const std::string& file, uint32 guid)
 {
+    if (sWorld->getBoolConfig(CONFIG_PDUMP_NO_PATHS))
+        if (strstr(file.c_str(), "\\") || strstr(file.c_str(), "/"))
+            return DUMP_FILE_OPEN_ERROR;
+    if (sWorld->getBoolConfig(CONFIG_PDUMP_NO_OVERWRITE))
+        if (FILE* f = fopen(file.c_str(), "r"))
+        {
+            fclose(f);
+            return DUMP_FILE_OPEN_ERROR;
+        }
     FILE* fout = fopen(file.c_str(), "w");
     if (!fout)
         return DUMP_FILE_OPEN_ERROR;
author	Shocker <shocker@freakz.ro>	2011-10-08 16:56:04 +0300
committer	Shocker <shocker@freakz.ro>	2011-10-08 16:56:04 +0300
commit	0b243dfd9b789437fcb9b1a39bcb385417548550 (patch)
tree	8cce9f7a9c282703d98f8ab6358b339572a18e57 /src/server/game/Tools
parent	40ed37c1e73bcd1e4d7e48310591e082b82690e0 (diff)