Bithack / principia

Open source physics-based sandbox game.
https://principia-web.se

`ui::open_url` is insecure #130

Closed griffi-gh closed 10 months ago

griffi-gh commented 11 months ago

On Linux, the game inserts the URL directly into the command line.
The Windows implementation is probably fine, but looks kinda suspicious... (needs testing)
NO_UI targets, Android and iOS are not affected.

https://github.com/Bithack/principia/blob/34acab0133b5f32cba133520c63d166f13f26550/src/src/ui.cc#L14638-L14648

...however, it's currently impossible to exploit this issue.
The game uses URLs sparingly, and only the user page link is affected (the one in the top left corner).
It only affects the account's username and, due to username limitations (it's not possible to insert spaces or any special characters), is impossible to exploit without a custom community server.
But, if forced, usernames like ;sh or $(sh) should consistently trigger this.

SDL_OpenURL should be used instead of the system() call (with some sort of fallback, since it was added in SDL 2.0.14, which is not available in the Ubuntu and Debian repos).

Here's my open_url implementation from the imgui backend (use only as a reference; the fallback code is completely untested and may be insecure as well):

https://github.com/griffi-gh/principia-owo/blob/0bd839a6411f9ac2939b14d7d622088ff58b7979/src/src/ui.cc#L324-L337

rollerozxa commented 10 months ago

Here's my open_url implementation from the imgui backend (use only as a reference; the fallback code is completely untested and may be insecure as well):

The fallback code works and is safe against malicious input, good for old Linux distros. The Windows fallback can just be dropped since we control the version of SDL2 there, and MSYS2 has close to the latest version of SDL2.