fix(security): add file extension validation for map transfer

bobtista · bobtista · commit 28c81c1a7c5e · 2025-11-11T12:20:27.000-05:00
diff --git a/Core/GameEngine/Include/Common/FileSystem.h b/Core/GameEngine/Include/Common/FileSystem.h
@@ -161,6 +161,7 @@ class FileSystem : public SubsystemInterface
 
 	static AsciiString normalizePath(const AsciiString& path);	///< normalizes a file path. The path can refer to a directory. File path must be absolute, but does not need to exist. Returns an empty string on failure.
 	static Bool isPathInDirectory(const AsciiString& testPath, const AsciiString& basePath);	///< determines if a file path is within a base path. Both paths must be absolute, but do not need to exist.
+	static Bool hasValidTransferFileExtension(const AsciiString& filePath);	///< validates that a file path has an approved extension for map transfer operations. Returns true if extension is whitelisted (.map, .ini, .str, .wak, .tga, .txt), false otherwise. TheSuperHackers @security bobtista 06/11/2025
 
 protected:
 #if ENABLE_FILESYSTEM_EXISTENCE_CACHE
diff --git a/Core/GameEngine/Source/Common/System/FileSystem.cpp b/Core/GameEngine/Source/Common/System/FileSystem.cpp
@@ -457,3 +457,47 @@ Bool FileSystem::isPathInDirectory(const AsciiString& testPath, const AsciiStrin
 
 	return true;
 }
+
+//============================================================================
+// FileSystem::hasValidTransferFileExtension
+//============================================================================
+// TheSuperHackers @security bobtista 06/11/2025
+// Validates file extensions for map transfer operations to prevent arbitrary
+// file types from being transferred over the network or loaded from save games.
+// This is a security measure to mitigate arbitrary file write vulnerabilities.
+//============================================================================
+Bool FileSystem::hasValidTransferFileExtension(const AsciiString& filePath)
+{
+	static const char* validExtensions[] = {
+		".map",
+		".ini",
+		".str",
+		".wak",
+		".tga",
+		".txt"
+	};
+	static const Int numValidExtensions = sizeof(validExtensions) / sizeof(validExtensions[0]);
+
+	const char* lastDot = strrchr(filePath.str(), '.');
+
+	if (lastDot == NULL || lastDot[1] == '\0')
+	{
+		DEBUG_LOG(("File path '%s' has no extension.", filePath.str()));
+		return false;
+	}
+
+	for (Int i = 0; i < numValidExtensions; ++i)
+	{
+#ifdef _WIN32
+		if (_stricmp(lastDot, validExtensions[i]) == 0)
+#else
+		if (strcasecmp(lastDot, validExtensions[i]) == 0)
+#endif
+		{
+			return true;
+		}
+	}
+
+	DEBUG_LOG(("File path '%s' has invalid extension '%s' for transfer operations.", filePath.str(), lastDot));
+	return false;
+}
diff --git a/Core/GameEngine/Source/GameNetwork/ConnectionManager.cpp b/Core/GameEngine/Source/GameNetwork/ConnectionManager.cpp
@@ -53,6 +53,36 @@
 #include "GameClient/DisconnectMenu.h"
 #include "GameClient/InGameUI.h"
 
+static Bool hasValidTransferFileExtension(const AsciiString& filePath)
+{
+	static const char* const validExtensions[] = {
+		"map",
+		"ini",
+		"str",
+		"wak",
+		"tga",
+		"txt"
+	};
+
+	const char* fileExt = strrchr(filePath.str(), '.');
+
+	if (fileExt == NULL || fileExt[1] == '\0')
+	{
+		return false;
+	}
+
+	fileExt++;
+
+	for (Int i = 0; i < ARRAY_SIZE(validExtensions); ++i)
+	{
+		if (stricmp(fileExt, validExtensions[i]) == 0)
+		{
+			return true;
+		}
+	}
+
+	return false;
+}
 
 /**
  * Le destructor.
@@ -665,6 +695,13 @@ void ConnectionManager::processFile(NetFileCommandMsg *msg)
 		return;
 	}
 
+	// TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types
+	if (!hasValidTransferFileExtension(realFileName))
+	{
+		DEBUG_LOG(("File '%s' has invalid extension for transfer operations.", realFileName.str()));
+		return;
+	}
+
 	if (TheFileSystem->doesFileExist(realFileName.str()))
 	{
 		DEBUG_LOG(("File exists already!"));
diff --git a/Generals/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp b/Generals/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp
@@ -933,6 +933,13 @@ AsciiString GameState::portableMapPathToRealMapPath(const AsciiString& in) const
 		return AsciiString::TheEmptyString;
 	}
 
+	// TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types
+	if (!FileSystem::hasValidTransferFileExtension(prefix))
+	{
+		DEBUG_LOG(("File path '%s' has invalid extension for map transfer operations.", prefix.str()));
+		return AsciiString::TheEmptyString;
+	}
+
 	prefix.toLower();
 	return prefix;
 }
diff --git a/GeneralsMD/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp b/GeneralsMD/Code/GameEngine/Source/Common/System/SaveGame/GameState.cpp
@@ -933,6 +933,13 @@ AsciiString GameState::portableMapPathToRealMapPath(const AsciiString& in) const
 		return AsciiString::TheEmptyString;
 	}
 
+	// TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types
+	if (!FileSystem::hasValidTransferFileExtension(prefix))
+	{
+		DEBUG_LOG(("File path '%s' has invalid extension for map transfer operations.", prefix.str()));
+		return AsciiString::TheEmptyString;
+	}
+
 	prefix.toLower();
 	return prefix;
 }

Original file line number	Diff line number	Diff line change
`@@ -933,6 +933,13 @@ AsciiString GameState::portableMapPathToRealMapPath(const AsciiString& in) const`
`933`	`933`	`return AsciiString::TheEmptyString;`
`934`	`934`	`}`
`935`	`935`
	`936`	`+ // TheSuperHackers @security bobtista 06/11/2025 Validate file extension to prevent arbitrary file types`
	`937`	`+ if (!FileSystem::hasValidTransferFileExtension(prefix))`
	`938`	`+ {`
	`939`	`+ DEBUG_LOG(("File path '%s' has invalid extension for map transfer operations.", prefix.str()));`
	`940`	`+ return AsciiString::TheEmptyString;`
	`941`	`+ }`
	`942`	`+`
`936`	`943`	`prefix.toLower();`
`937`	`944`	`return prefix;`
`938`	`945`	`}`