Prevent commands from being run on the client with sm_play (#1832)

* Prevent command injection

* Empty commit to try to kick CI.

* Improve filename sanitisation

---------

Co-authored-by: Fyren <fyrenmoo@gmail.com>
Boink 2023-09-28 00:51:07 +10:00 committed by GitHub
parent 99dbe06d8a
commit a402b3cceb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -67,23 +67,27 @@ public Action Command_Play(int client, int args)
char Arg[65]; char Arg[65];
int len = BreakString(Arguments, Arg, sizeof(Arg)); int len = BreakString(Arguments, Arg, sizeof(Arg));
/* Make sure it does not go out of bound by doing "sm_play user "*/ /* Make sure it does not go out of bound by doing "sm_play user " */
if (len == -1) if (len == -1)
{ {
ReplyToCommand(client, "[SM] Usage: sm_play <#userid|name> <filename>"); ReplyToCommand(client, "[SM] Usage: sm_play <#userid|name> <filename>");
return Plugin_Handled; return Plugin_Handled;
} }
/* Incase they put quotes and white spaces after the quotes */ char SoundPath[PLATFORM_MAX_PATH];
if (Arguments[len] == '"') BreakString(Arguments[len], SoundPath, sizeof(SoundPath));
{
len++; /* Remove all double and single quotes out of the path */
int FileLen = TrimString(Arguments[len]) + len; ReplaceString(SoundPath, sizeof(SoundPath), "\"", "");
ReplaceString(SoundPath, sizeof(SoundPath), "'", "");
if (Arguments[FileLen - 1] == '"') TrimString(SoundPath);
{
Arguments[FileLen - 1] = '\0'; /* Block any attempts of chaining console commands on */
} if(StrContains(SoundPath, ";") != -1)
{
ReplyToCommand(client, "[SM] Invalid filename");
return Plugin_Handled;
} }
char target_name[MAX_TARGET_LENGTH]; char target_name[MAX_TARGET_LENGTH];
@ -106,8 +110,8 @@ public Action Command_Play(int client, int args)
for (int i = 0; i < target_count; i++) for (int i = 0; i < target_count; i++)
{ {
ClientCommand(target_list[i], "playgamesound \"%s\"", Arguments[len]); ClientCommand(target_list[i], "playgamesound \"%s\"", SoundPath);
LogAction(client, target_list[i], "\"%L\" played sound on \"%L\" (file \"%s\")", client, target_list[i], Arguments[len]); LogAction(client, target_list[i], "\"%L\" played sound on \"%L\" (file \"%s\")", client, target_list[i], SoundPath);
} }
if (tn_is_ml) if (tn_is_ml)
@ -120,4 +124,4 @@ public Action Command_Play(int client, int args)
} }
return Plugin_Handled; return Plugin_Handled;
} }
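Review bot: The check in the first hunk is a denylist that rejects only `;` after the quotes are stripped, while SoundPath is still interpolated into a command string that the target client executes, so any other separator the client's command buffer treats as a line break (newline or carriage return, if one can reach this code at all — I have not confirmed that) would still chain a command. A more robust check is an allowlist of the characters a sound path actually needs, which replaces the `StrContains(SoundPath, ";")` block; the allowed set below may need widening if sound paths in this game legitimately contain spaces or other characters. The second hunk's `ClientCommand` and `LogAction` lines then only ever see a path made of allowed characters. Command_Play begins before the first hunk; the third hunk shows only its closing brace.
```sourcepawn
/* … unchanged: BreakString into SoundPath, quote stripping, TrimString … */

/* Allow only characters a sound path needs; anything else (';', newline, quotes, …)
 * is rejected so the value cannot terminate or chain a console command. */
for (int i = 0; SoundPath[i] != '\0'; i++)
{
    int c = SoundPath[i];
    if (!IsCharAlpha(c) && !IsCharNumeric(c) && c != '/' && c != '_' && c != '-' && c != '.')
    {
        ReplyToCommand(client, "[SM] Invalid filename");
        return Plugin_Handled;
    }
}
```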