spsf/HyperionOS
1
0
Fork 0
forked from Hyperion/HyperionOS
Code Pull Requests Activity

Fix exploit with trailing whitespace

Browse Source
This commit is contained in:
spsf
2026-02-24 00:48:20 -06:00
parent 62a03bfe6b
commit 88b8a09894
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Src/Hyperion-kernel/boot/kernel.lua
View File

@@ -184,9 +184,16 @@ end
kernel.log("Gathering modules") kernel.log("Gathering modules")
for _, i in ipairs(ifs.list("/lib/modules")) do for _, i in ipairs(ifs.list("/lib/modules")) do
for _,v in ipairs(ifs.list("/lib/modules/"..i)) do local modlist = ifs.list("/lib/modules/"..i)
local prior=tonumber(v:sub(1,2)) if not modlist then
modules[prior+1][#modules[prior+1]+1]="/lib/modules/"..i.."/"..v kernel.log("WARNING: could not list /lib/modules/"..i.." (skipping)", "WARN", 8)
else
for _,v in ipairs(modlist) do
local prior=tonumber(v:sub(1,2))
if prior then
modules[prior+1][#modules[prior+1]+1]="/lib/modules/"..i.."/"..v
end
end
end end
end end

9
Src/Hyperion-kernel/lib/modules/hyperion/10_vfs.kmod
View File

@@ -111,7 +111,7 @@ local function makeMetafile(meta)
return out return out
end end
local SAFE_COMPONENT_PATTERN = "^[A-Za-z0-9_.+%-%@ %(%)%[%] ]+$" local SAFE_COMPONENT_PATTERN = "^[A-Za-z0-9_.+%-%@%(%)%[%]]+$"
local function normalizePath(path) local function normalizePath(path)
local task = kernel.currentTask local task = kernel.currentTask
@@ -135,6 +135,8 @@ local function normalizePath(path)
i = len + 1 i = len + 1
end end
comp = comp:match("^%s*(.-)%s*$")
if comp == "" or comp == "." then if comp == "" or comp == "." then
elseif comp == ".." then elseif comp == ".." then
if #stack > 0 then if #stack > 0 then
@@ -145,6 +147,9 @@ local function normalizePath(path)
if not comp:match(SAFE_COMPONENT_PATTERN) then if not comp:match(SAFE_COMPONENT_PATTERN) then
error("EINVAL: illegal characters in path component: " .. comp, 2) error("EINVAL: illegal characters in path component: " .. comp, 2)
end end
if comp == ".meta" then
error("EINVAL: reserved path component: " .. comp, 2)
end
table.insert(stack, comp) table.insert(stack, comp)
end end
end end
@@ -192,7 +197,7 @@ end
vfs._parseMetafile = parseMetafile vfs._parseMetafile = parseMetafile
local function readMetaEntry(disk, parentDiskPath, filename) local function readMetaEntry(disk, parentDiskPath, filename)
if filename == ".meta" then error("Cannot open metafile") end if filename == ".meta" then error("EACCES: Cannot open metafile") end
local mp local mp
if parentDiskPath == "/" then if parentDiskPath == "/" then
mp = ".meta" mp = ".meta"