diff options
| author | martymac <martymac@FreeBSD.org> | 2015-03-19 03:43:42 +0800 |
|---|---|---|
| committer | martymac <martymac@FreeBSD.org> | 2015-03-19 03:43:42 +0800 |
| commit | b19696a5f1068c66b03e3aa5d604593b72c0b4c8 (patch) | |
| tree | a83d41db07eecf53b834af81497adc17b9c5308e /games | |
| parent | 5de8ea8f9bf8e3c4c644761e9726385ff13a36e3 (diff) | |
| download | freebsd-ports-gnome-b19696a5f1068c66b03e3aa5d604593b72c0b4c8.tar.gz freebsd-ports-gnome-b19696a5f1068c66b03e3aa5d604593b72c0b4c8.tar.zst freebsd-ports-gnome-b19696a5f1068c66b03e3aa5d604593b72c0b4c8.zip | |
While waiting for a bugfix release, backport Nasal security fixes from upstream
git repositories:
- flightgear 6a30e70
- fgdata 60da209
Suggested by: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
Diffstat (limited to 'games')
| -rw-r--r-- | games/flightgear-data/Makefile | 1 | ||||
| -rw-r--r-- | games/flightgear-data/files/patch-60da209 | 10 | ||||
| -rw-r--r-- | games/flightgear/Makefile | 1 | ||||
| -rw-r--r-- | games/flightgear/files/patch-6a30e70 | 208 |
4 files changed, 220 insertions, 0 deletions
diff --git a/games/flightgear-data/Makefile b/games/flightgear-data/Makefile index 5edbf4aa2350..e65fb7b45d8b 100644 --- a/games/flightgear-data/Makefile +++ b/games/flightgear-data/Makefile @@ -3,6 +3,7 @@ PORTNAME= flightgear-data PORTVERSION= 3.4.0 +PORTREVISION= 1 CATEGORIES= games # see http://www.flightgear.org/templates.js MASTER_SITES= http://mirrors.ibiblio.org/flightgear/ftp/Shared/ \ diff --git a/games/flightgear-data/files/patch-60da209 b/games/flightgear-data/files/patch-60da209 new file mode 100644 index 000000000000..caaeefecb310 --- /dev/null +++ b/games/flightgear-data/files/patch-60da209 @@ -0,0 +1,10 @@ +--- Nasal/IOrules.orig ++++ Nasal/IOrules +@@ -28,7 +28,6 @@ + READ ALLOW $FG_ROOT/* + READ ALLOW $FG_HOME/* + READ ALLOW $FG_AIRCRAFT/* +-READ ALLOW $FG_SCENERY/* + + WRITE ALLOW /tmp/*.xml + WRITE ALLOW $FG_HOME/*.sav diff --git a/games/flightgear/Makefile b/games/flightgear/Makefile index 529ed073aad9..f37ec8be88bf 100644 --- a/games/flightgear/Makefile +++ b/games/flightgear/Makefile @@ -3,6 +3,7 @@ PORTNAME= flightgear PORTVERSION= 3.4.0 +PORTREVISION= 1 CATEGORIES= games # see http://www.flightgear.org/templates.js MASTER_SITES= http://mirrors.ibiblio.org/flightgear/ftp/Source/ \ diff --git a/games/flightgear/files/patch-6a30e70 b/games/flightgear/files/patch-6a30e70 new file mode 100644 index 000000000000..ee53d878825e --- /dev/null +++ b/games/flightgear/files/patch-6a30e70 @@ -0,0 +1,208 @@ +--- src/Main/util.cxx.orig ++++ src/Main/util.cxx +@@ -33,6 +33,7 @@ + #include <simgear/math/SGLimits.hxx> + #include <simgear/math/SGMisc.hxx> + ++#include <GUI/MessageBox.hxx> + #include "fg_io.hxx" + #include "fg_props.hxx" + #include "globals.hxx" +@@ -71,32 +72,142 @@ fgGetLowPass (double current, double target, double timeratio) + return current; + } + +-// Write out path to validation node and read it back in. A Nasal +-// listener is supposed to replace the path with a validated version +-// or an empty string otherwise. +-const char *fgValidatePath (const char *str, bool write) ++static string_list read_allowed_paths; ++static string_list write_allowed_paths; ++ ++// Allowed paths here are absolute, and may contain _one_ *, ++// which matches any string ++// FG_SCENERY is deliberately not allowed, as it would make ++// /sim/terrasync/scenery-dir a security hole ++void fgInitAllowedPaths() + { +- SGPropertyNode_ptr r, w; +- r = fgGetNode("/sim/paths/validate/read", true); +- r->setAttribute(SGPropertyNode::READ, true); +- r->setAttribute(SGPropertyNode::WRITE, true); +- +- w = fgGetNode("/sim/paths/validate/write", true); +- w->setAttribute(SGPropertyNode::READ, true); +- w->setAttribute(SGPropertyNode::WRITE, true); +- +- SGPropertyNode *prop = write ? w : r; +- prop->setStringValue(str); +- const char *result = prop->getStringValue(); +- return result[0] ? result : 0; ++ read_allowed_paths.clear(); ++ write_allowed_paths.clear(); ++ read_allowed_paths.push_back(globals->get_fg_root() + "/*"); ++ read_allowed_paths.push_back(globals->get_fg_home() + "/*"); ++ string_list const aircraft_paths = globals->get_aircraft_paths(); ++ for( string_list::const_iterator it = aircraft_paths.begin(); ++ it != aircraft_paths.end(); ++ ++it ) ++ { ++ read_allowed_paths.push_back(*it + "/*"); ++ } ++ ++ for( string_list::const_iterator it = read_allowed_paths.begin(); ++ it != read_allowed_paths.end(); ++ ++it ) ++ { // if we get the initialization order wrong, better to have an ++ // obvious error than a can-read-everything security hole... ++ if (!(it->compare("/*"))){ ++ flightgear::fatalMessageBox("Nasal initialization error", ++ "Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT", ++ "or fgInitAllowedPaths() called too early"); ++ exit(-1); ++ } ++ } ++ write_allowed_paths.push_back("/tmp/*.xml"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/*.sav"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/*.log"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/cache/*"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/Export/*"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/state/*.xml"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/aircraft-data/*.xml"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/Wildfire/*.xml"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/runtime-jetways/*.xml"); ++ write_allowed_paths.push_back(globals->get_fg_home() + "/Input/Joysticks/*.xml"); ++ ++ if(!fgValidatePath(globals->get_fg_home() + "/../no.log",true).empty() || ++ !fgValidatePath(globals->get_fg_home() + "/no.lot",true).empty() || ++ fgValidatePath((globals->get_fg_home() + "/nolog").c_str(),true) || ++ !fgValidatePath(globals->get_fg_home() + "no.log",true).empty() || ++ !fgValidatePath("..\\" + globals->get_fg_home() + "/no.log",false).empty() || ++ fgValidatePath("/tmp/no.xml",false) || ++ fgValidatePath(globals->get_fg_home() + "/./ff/../Export\\yes..gg",true).empty() || ++ !fgValidatePath((globals->get_fg_home() + "/aircraft-data/yes..xml").c_str(),true) || ++ fgValidatePath(globals->get_fg_root() + "/./\\yes.bmp",false).empty()) { ++ flightgear::fatalMessageBox("Nasal initialization error", ++ "fgInitAllowedPaths() does not work", ++ ""); ++ exit(-1); ++ } + } + +-//------------------------------------------------------------------------------ +-std::string fgValidatePath(const std::string& path, bool write) ++// Normalize a path ++// Unlike SGPath::realpath, does not require that the file already exists, ++// but does require that it be below the starting point ++static std::string fgNormalizePath (const std::string& path) + { +- const char* validate_path = fgValidatePath(path.c_str(), write); +- return std::string(validate_path ? validate_path : ""); +-} ++ string_list path_parts; ++ char c; ++ std::string normed_path = "", this_part = ""; ++ ++ for (int pos = 0; ; pos++) { ++ c = path[pos]; ++ if (c == '\\') { c = '/'; } ++ if ((c == '/') || (c == 0)) { ++ if ((this_part == "/..") || (this_part == "..")) { ++ if (path_parts.empty()) { return ""; } ++ path_parts.pop_back(); ++ } else if ((this_part != "/.") && (this_part != "/")) { ++ path_parts.push_back(this_part); ++ } ++ this_part = ""; ++ } ++ if (c == 0) { break; } ++ this_part = this_part + c; ++ } ++ for( string_list::const_iterator it = path_parts.begin(); ++ it != path_parts.end(); ++ ++it ) ++ { ++ normed_path.append(*it); ++ } ++ return normed_path; ++ } ++ + ++// Check whether Nasal is allowed to access a path ++std::string fgValidatePath (const std::string& path, bool write) ++{ ++ const string_list& allowed_paths(write ? write_allowed_paths : read_allowed_paths); ++ int star_pos; ++ ++ // Normalize the path (prevents ../../.. trickery) ++ std::string normed_path = fgNormalizePath(path); ++ ++ // Check against each allowed pattern ++ for( string_list::const_iterator it = allowed_paths.begin(); ++ it != allowed_paths.end(); ++ ++it ) ++ { ++ star_pos = it->find('*'); ++ if (star_pos == std::string::npos) { ++ if (!(it->compare(normed_path))) { ++ return normed_path; ++ } ++ } else { ++ if ((it->size()-1 <= normed_path.size()) /* long enough to be a potential match */ ++ && !(it->substr(0,star_pos) ++ .compare(normed_path.substr(0,star_pos))) /* before-star parts match */ ++ && !(it->substr(star_pos+1,it->size()-star_pos-1) ++ .compare(normed_path.substr(star_pos+1+normed_path.size()-it->size(), ++ it->size()-star_pos-1))) /* after-star parts match */) { ++ return normed_path; ++ } ++ } ++ } ++ // no match found ++ return ""; ++} ++// s.c_str() becomes invalid when s is destroyed, so need a static s ++std::string validate_path_temp; ++const char* fgValidatePath(const char* path, bool write) ++{ ++ validate_path_temp = fgValidatePath(std::string(path), write); ++ if(validate_path_temp.empty()){ ++ return 0; ++ } ++ return validate_path_temp.c_str(); ++} + // end of util.cxx + +--- src/Main/util.hxx.orig ++++ src/Main/util.hxx +@@ -36,7 +36,7 @@ + double fgGetLowPass (double current, double target, double timeratio); + + /** +- * Validation listener interface for io.nas, used by fgcommands. ++ * File access control, used by Nasal and fgcommands. + * @param path Path to be validated + * @param write True for write operations and false for read operations. + * @return The validated path on success or 0 if access denied. +@@ -44,4 +44,9 @@ double fgGetLowPass (double current, double target, double timeratio); + const char *fgValidatePath (const char *path, bool write); + std::string fgValidatePath(const std::string& path, bool write); + ++/** ++ * Set allowed paths for fgValidatePath ++ */ ++void fgInitAllowedPaths(); ++ + #endif // __UTIL_HXX +--- src/Scripting/NasalSys.cxx.orig ++++ src/Scripting/NasalSys.cxx +@@ -835,6 +835,9 @@ void FGNasalSys::init() + .member("singleShot", &TimerObj::isSingleShot, &TimerObj::setSingleShot) + .member("isRunning", &TimerObj::isRunning); + ++ // Set allowed paths for Nasal I/O ++ fgInitAllowedPaths(); ++ + // Now load the various source files in the Nasal directory + simgear::Dir nasalDir(SGPath(globals->get_fg_root(), "Nasal")); + loadScriptDirectory(nasalDir); |