valter/dosbox-staging
1
0
Fork 0
Code Releases Activity

Allow longer commandlines in MOUNT and IMGMOUNT.

Browse source 
Fix crash reported by MiniMax (mount -u 0).
Fix bug reported by Tearex ("config -get" broken).
Add some protection that makes it harder to mount a directory from
within an executable.
Add some protection to make mounting from command /c much harder.
Add a securemode commandline switch to config and dosbox that should make it
impossible to mount a location when this isn't wanted by the user. (Addresses concerns of CVE-2007-6328)
Update documentation to reflect this.


Imported-from: https://svn.code.sf.net/p/dosbox/code-0/dosbox/trunk@3114
This commit is contained in:
Peter Veenstra 2008-03-02 11:13:47 +00:00
parent f2c40b9407
commit 3f2e4fbd83
9 changed files with 156 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

37
src/shell/shell.cpp
View file

@ -16,7 +16,7 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* $Id: shell.cpp,v 1.88 2007-08-17 17:58:46 qbix79 Exp $ */
/* $Id: shell.cpp,v 1.89 2008-03-02 11:13:47 qbix79 Exp $ */
#include <stdlib.h>
#include <stdarg.h>
@ -28,6 +28,7 @@
#include "callback.h"
#include "support.h"
Bitu call_shellstop;
/* Larger scope so shell_del autoexec can use it to
* remove things from the environment */
@ -278,16 +279,22 @@ void DOS_Shell::RunInternal(void)
return;
}
bool command_slashc = false;
void DOS_Shell::Run(void) {
char input_line[CMD_MAXLINE] = {0};
std::string line;
if (cmd->FindStringRemain("/C",line)) {
//command_slashc indicates that the following commands are run with command /c. Forbid parameters to mount.
//command_allready_set prevents against command /c "command /c command"
bool command_allready_set = command_slashc;
command_slashc = true;
strcpy(input_line,line.c_str());
DOS_Shell temp;
temp.echo = echo;
temp.ParseLine(input_line); //for *.exe *.com |*.bat creates the bf needed by runinternal;
temp.RunInternal(); // exits when no bf is found.
if(!command_allready_set) command_slashc = false;
return;
}
/* Start a normal shell and check for a first command init */
@ -333,7 +340,7 @@ void DOS_Shell::SyntaxError(void) {
class AUTOEXEC:public Module_base {
private:
AutoexecObject autoexec[16];
AutoexecObject autoexec[17];
AutoexecObject autoexec_echo;
public:
AUTOEXEC(Section* configuration):Module_base(configuration) {
@ -341,9 +348,12 @@ public:
std::string line;
Section_line * section=static_cast<Section_line *>(configuration);
/* add stuff from the configfile unless -noautexec is specified. */
char * extra=const_cast<char*>(section->data.c_str());
if (extra && !control->cmdline->FindExist("-noautoexec",true)) {
/* Check -securemode switch to disable mount/imgmount/boot after running autoexec.bat */
bool secure = control->cmdline->FindExist("-securemode",true);
/* add stuff from the configfile unless -noautexec or -securemode is specified. */
char * extra = const_cast<char*>(section->data.c_str());
if (extra && !secure && !control->cmdline->FindExist("-noautoexec",true)) {
/* detect if "echo off" is the first line */
bool echo_off = !strncasecmp(extra,"echo off",8);
if (!echo_off) echo_off = !strncasecmp(extra,"@echo off",9);
@ -372,7 +382,10 @@ public:
/* Check for first command being a directory or file */
char buffer[CROSS_LEN];
char cross_filesplit[2] = {CROSS_FILESPLIT , 0};
if (control->cmdline->FindCommand(1,line)) {
/* Combining -securemode and no parameter leaves you with a lovely Z:\. */
if ( !control->cmdline->FindCommand(1,line) ) {
if ( secure ) autoexec[12].Install("z:\\config.com -securemode");
} else {
struct stat test;
strcpy(buffer,line.c_str());
if (stat(buffer,&test)){
@ -384,6 +397,7 @@ public:
if (test.st_mode & S_IFDIR) {
autoexec[12].Install(std::string("MOUNT C \"") + buffer + "\"");
autoexec[13].Install("C:");
if(secure) autoexec[14].Install("z:\\config.com -securemode");
} else {
char* name = strrchr(buffer,CROSS_FILESPLIT);
if (!name) { //Only a filename
@ -401,16 +415,19 @@ public:
autoexec[13].Install("C:");
upcase(name);
if(strstr(name,".BAT") != 0) {
if(secure) autoexec[14].Install("z:\\config.com -securemode");
/* BATch files are called else exit will not work */
autoexec[14].Install(std::string("CALL ") + name);
autoexec[15].Install(std::string("CALL ") + name);
} else if((strstr(name,".IMG") != 0) || (strstr(name,".IMA") !=0)) {
//No secure mode here as boot is destructive and enabling securemode disables boot
/* Boot image files */
autoexec[14].Install(std::string("BOOT ") + name);
autoexec[15].Install(std::string("BOOT ") + name);
} else {
autoexec[14].Install(name);
if(secure) autoexec[14].Install("z:\\config.com -securemode");
autoexec[15].Install(name);
}
if(addexit) autoexec[15].Install("exit");
if(addexit) autoexec[16].Install("exit");
}
}
nomount:

9
src/shell/shell_misc.cpp
View file

@ -16,7 +16,7 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/* $Id: shell_misc.cpp,v 1.51 2007-08-22 11:21:28 qbix79 Exp $ */
/* $Id: shell_misc.cpp,v 1.52 2008-03-02 11:13:47 qbix79 Exp $ */
#include <stdlib.h>
#include <string.h>
@ -354,6 +354,7 @@ void DOS_Shell::InputCommand(char * line) {
if (l_completion.size()) l_completion.clear();
}
std::string full_arguments = "";
bool DOS_Shell::Execute(char * name,char * args) {
/* return true => don't check for hardware changes in do_command
* return false => check for hardware changes in do_command */
@ -438,7 +439,7 @@ bool DOS_Shell::Execute(char * name,char * args) {
if(strcasecmp(extension, ".com") !=0)
{
if(strcasecmp(extension, ".exe") !=0) return false;
}
}
/* Run the .exe or .com file from the shell */
/* Allocate some stack space for tables in physical memory */
reg_sp-=0x200;
@ -448,6 +449,10 @@ bool DOS_Shell::Execute(char * name,char * args) {
//Add a filename
RealPt file_name=RealMakeSeg(ss,reg_sp+0x20);
MEM_BlockWrite(Real2Phys(file_name),fullname,strlen(fullname)+1);
/* HACK: Store full commandline for mount and imgmount */
full_arguments.assign(line);
/* Fill the command line */
CommandTail cmdtail;
cmdtail.count = 0;