diff --git a/src/floppy/fdd_audio.c b/src/floppy/fdd_audio.c index 14ea6f9f2..b248eb8bc 100644 --- a/src/floppy/fdd_audio.c +++ b/src/floppy/fdd_audio.c @@ -191,30 +191,9 @@ fdd_audio_log_active_profiles(void) void fdd_audio_load_profiles(void) { - char config_path[2048]; ini_t profiles_ini; - /* Validate exe_path to prevent directory traversal attacks */ - if (exe_path == NULL || strlen(exe_path) == 0) { - fdd_log("FDD Audio: Invalid exe_path\n"); - return; - } - - /* Check for directory traversal sequences */ - if (strstr(exe_path, "..") != NULL) { - fdd_log("FDD Audio: Directory traversal detected in exe_path\n"); - return; - } - - path_append_filename(config_path, exe_path, "roms/floppy/fdd_audio_profiles.cfg"); - - /* Additional validation of the final path */ - if (strstr(config_path, "..") != NULL) { - fdd_log("FDD Audio: Directory traversal detected in config path: %s\n", config_path); - return; - } - - profiles_ini = ini_read(config_path); + profiles_ini = ini_read_ex("roms/floppy/fdd_audio_profiles.cfg", 1); if (profiles_ini == NULL) { fdd_log("FDD Audio: Could not load profiles from %s\n", config_path); return; diff --git a/src/include/86box/ini.h b/src/include/86box/ini.h index 4dd8387bc..c73faaa61 100644 --- a/src/include/86box/ini.h +++ b/src/include/86box/ini.h @@ -30,8 +30,10 @@ typedef void *ini_t; typedef void *ini_section_t; extern ini_t ini_new(void); +extern ini_t ini_read_ex(const char *fn, int is_rom); extern ini_t ini_read(const char *fn); extern void ini_strip_quotes(ini_t ini); +extern void ini_write_ex(ini_t ini, const char *fn, int is_rom); extern void ini_write(ini_t ini, const char *fn); extern void ini_dump(ini_t ini); extern void ini_close(ini_t ini); diff --git a/src/utils/ini.c b/src/utils/ini.c index 3ca4c7943..e2a4c93bc 100644 --- a/src/utils/ini.c +++ b/src/utils/ini.c @@ -34,6 +34,8 @@ #define HAVE_STDARG_H #include <86box/86box.h> #include <86box/ini.h> +#include <86box/mem.h> +#include <86box/rom.h> #include <86box/plat.h> typedef struct _list_ { @@ -360,9 +362,9 @@ ini_fgetws(wchar_t *str, int count, FILE *stream) } #endif -/* Read and parse the configuration file into memory. */ +/* Read and parse the configuration file into memory, with open type selection. */ ini_t -ini_read(const char *fn) +ini_read_ex(const char *fn, int is_rom) { char sname[128]; char ename[128]; @@ -377,11 +379,20 @@ ini_read(const char *fn) list_t *head; bom = ini_detect_bom(fn); + + if (is_rom) #if defined(ANSI_CFG) || !defined(_WIN32) - fp = plat_fopen(fn, "rt"); + fp = rom_fopen(fn, "rt"); #else - fp = plat_fopen(fn, "rt, ccs=UTF-8"); + fp = rom_fopen(fn, "rt, ccs=UTF-8"); #endif + else +#if defined(ANSI_CFG) || !defined(_WIN32) + fp = plat_fopen(fn, "rt"); +#else + fp = plat_fopen(fn, "rt, ccs=UTF-8"); +#endif + if (fp == NULL) return NULL; @@ -488,9 +499,16 @@ ini_read(const char *fn) return (ini_t) head; } -/* Write the in-memory configuration to disk. */ +/* Read and parse the configuration file into memory. */ +ini_t +ini_read(const char *fn) +{ + return ini_read_ex(fn, 0); +} + +/* Write the in-memory configuration to disk, with open type selection. */ void -ini_write(ini_t ini, const char *fn) +ini_write_ex(ini_t ini, const char *fn, int is_rom) { wchar_t wtemp[512]; list_t *list = (list_t *) ini; @@ -503,11 +521,19 @@ ini_write(ini_t ini, const char *fn) sec = (section_t *) list->next; + if (is_rom) #if defined(ANSI_CFG) || !defined(_WIN32) - fp = plat_fopen(fn, "wt"); + fp = rom_fopen(fn, "wt"); #else - fp = plat_fopen(fn, "wt, ccs=UTF-8"); + fp = rom_fopen(fn, "wt, ccs=UTF-8"); #endif + else +#if defined(ANSI_CFG) || !defined(_WIN32) + fp = plat_fopen(fn, "wt"); +#else + fp = plat_fopen(fn, "wt, ccs=UTF-8"); +#endif + if (fp == NULL) return; @@ -543,6 +569,13 @@ ini_write(ini_t ini, const char *fn) (void) fclose(fp); } +/* Write the in-memory configuration to disk. */ +void +ini_write(ini_t ini, const char *fn) +{ + ini_write_ex(ini, fn, 0); +} + /* Wide-character version of "trim" */ wchar_t * trim_w(wchar_t *str)