libretro/RetroArch
1
0
Fork 0
mirror of https://github.com/libretro/RetroArch.git synced 2025-02-02 15:05:09 +00:00
Code Issues Actions 24 Packages Projects Releases Wiki Activity

Plug this so-called high-risk vuln (#12533)

Browse Source 
https://www.reddit.com/r/RetroArch/comments/o0p1vy/retroarch_for_windows_versions_190_194_highrisk/

https://labs.bishopfox.com/advisories/retroarch-for-windows-version-1.9.0
This commit is contained in:
Alcaro 2021-06-17 05:44:17 +02:00 committed by GitHub
parent 10f0073778
commit aeddcb54e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
frontend/drivers/platform_win32.c
View File

@ -1033,25 +1033,23 @@ static bool accessibility_speak_windows(int speed,
init_nvda();
#endif
if (USE_POWERSHELL)
if (USE_POWERSHELL && !strchr(speak_text, '"') && !strchr(speak_text, '\\') && !strstr(speak_text, "$(")) // TODO: escape these things properly instead of rejecting the entire string
{
const char * template_lang = "powershell.exe -NoProfile -WindowStyle Hidden -Command \"Add-Type -AssemblyName System.Speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.SelectVoice(\\\"%s\\\"); $synth.Rate = %s; $synth.Speak(\\\"%s\\\");\"";
const char * template_nolang = "powershell.exe -NoProfile -WindowStyle Hidden -Command \"Add-Type -AssemblyName System.Speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.Rate = %s; $synth.Speak(\\\"%s\\\");\"";
if (strlen(language) > 0)
{
nbytes_cmd = snprintf(NULL, 0,
"powershell.exe -NoProfile -WindowStyle Hidden -Command \"Add-Type -AssemblyName System.Speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.SelectVoice(\\\"%s\\\"); $synth.Rate = %s; $synth.Speak(\\\"%s\\\");\"", language, speeds[speed-1], (char*) speak_text) + 1;
nbytes_cmd = snprintf(NULL, 0, template_lang, language, speeds[speed-1], speak_text) + 1;
if (!(cmd = malloc(nbytes_cmd)))
return false;
snprintf(cmd, nbytes_cmd,
"powershell.exe -NoProfile -WindowStyle Hidden -Command \"Add-Type -AssemblyName System.Speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.SelectVoice(\\\"%s\\\"); $synth.Rate = %s; $synth.Speak(\\\"%s\\\");\"", language, speeds[speed-1], (char*) speak_text);
snprintf(cmd, nbytes_cmd, template_lang, language, speeds[speed-1], speak_text);
}
else
{
nbytes_cmd = snprintf(NULL, 0,
"powershell.exe -NoProfile -WindowStyle Hidden -Command \"Add-Type -AssemblyName System.Speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.Rate = %s; $synth.Speak(\\\"%s\\\");\"", speeds[speed-1], (char*) speak_text) + 1;
nbytes_cmd = snprintf(NULL, 0, template_nolang, speeds[speed-1], speak_text) + 1;
if (!(cmd = malloc(nbytes_cmd)))
return false;
snprintf(cmd, nbytes_cmd,
"powershell.exe -NoProfile -WindowStyle Hidden -Command \"Add-Type -AssemblyName System.Speech; $synth = New-Object System.Speech.Synthesis.SpeechSynthesizer; $synth.Rate = %s; $synth.Speak(\\\"%s\\\");\"", speeds[speed-1], (char*) speak_text);
snprintf(cmd, nbytes_cmd, template_nolang, speeds[speed-1], speak_text);
}
if (pi_set)