Annoyingly, things haven't quite gone to plan. There's two main contributing factors to this; first off is that the fix for the security issue is a little hard to actually program (I know what I need to do, but just haven't been able to do it yet). The second is that today a lot of the time I had planned to allocate to this project got consumed by some mandatory DIY I had to do.
So basically, I've got to push the project back a couple of days. New target date is 3rd March, but hopefully sooner.
Just a wild shot in the dark since I don't really know what problems your dealing with.
ReplyDeleteRather than making the patcher code proof against malicious game or patch files could you create a temporary copy and prune any malicious contents before running the patcher code?
Not really an option, I'm afraid. The security vulnerability is a combination of factors to do with Python, archive files and the specifics of how RPGMaker Trans is used. It isn't a vulnerability in how games or patch files are parsed - that bit should be pretty robust.
ReplyDelete