diff --git a/LarpixServer/Account/Utils.cs b/LarpixServer/Account/Utils.cs index 568c514..f1b0188 100644 --- a/LarpixServer/Account/Utils.cs +++ b/LarpixServer/Account/Utils.cs @@ -28,8 +28,8 @@ public class Utils } int hash = id.GetHashCode(); - if (hash < 0) hash = -hash; // Or use Math.Abs, but hash < 0 logic avoids OverflowException on int.MinValue - return _userLocksArray[hash % _userLocksArray.Length]; + int index = (hash & 0x7FFFFFFF) % _userLocksArray.Length; + return _userLocksArray[index]; } public static string GetIdFromUsernameWD(string usernameWD) @@ -111,6 +111,10 @@ public class Utils public static async Task IdFromName(string name) { + if (name == null || !IsValidUsername(name, out _)) + { + return "0"; + } string path = $"{ACCOUNTS_NAME_DIR}/{name.ToLowerInvariant()}"; if (!Fs.Exists(path)) { @@ -288,6 +292,10 @@ public class Utils public static async Task GetUserPublicStorageEntry(string id, string entry) { + if (string.IsNullOrEmpty(entry) || entry.Contains("..") || entry.Contains("/") || entry.Contains("\\")) + { + return new byte[] {}; + } string path = $"{ACCOUNTS_DATA_DIR}/{id}/storage/public/{entry}"; if (!Fs.Exists(path)) { diff --git a/LarpixServer/Filesystem/Fs.cs b/LarpixServer/Filesystem/Fs.cs index d1d3260..ab2a8d5 100644 --- a/LarpixServer/Filesystem/Fs.cs +++ b/LarpixServer/Filesystem/Fs.cs @@ -31,8 +31,8 @@ public class Fs } int hash = path.GetHashCode(); - if (hash < 0) hash = -hash; // Or use Math.Abs, but hash < 0 logic avoids OverflowException on int.MinValue - return _fileLocksArray[hash % _fileLocksArray.Length]; + int index = (hash & 0x7FFFFFFF) % _fileLocksArray.Length; + return _fileLocksArray[index]; } public static void ProcessCacheSpace() @@ -208,7 +208,10 @@ public class Fs sem1.Wait(); try { - sem2.Wait(); + if (!ReferenceEquals(sem1, sem2)) + { + sem2.Wait(); + } try { File.Move(path, newPath); @@ -220,7 +223,10 @@ public class Fs } finally { - sem2.Release(); + if (!ReferenceEquals(sem1, sem2)) + { + sem2.Release(); + } } } finally