authorYorhel <git@yorhel.nl>2013-05-19 11:46:45 +0200
committerYorhel <git@yorhel.nl>2013-05-19 11:46:45 +0200
commitb9a3431d864f13b559586b3f5c29fa34dcd5b3be (patch)
treee02a55c1c73710ee54961215e31e6c6b06867111 /src/fl_load.c
parente853e1253e5a2b7eaa605b0a3d30d1e2ff777fa5 (diff)
fl_load.c: Don't allow '/' in file or directory name
The ADC spec allows a '/' in a file or directory name, but only when escaped with a '\'. I've no idea how to securely deal with such filenames, so I'll just disallow them. The '\' character is also allowed by the spec and should be escaped similarly. Those don't pose a problem on unix-like systems, so I suppose we can keep allowing it. No attempt is made to unescape filenames; it wouldn't matter.
Diffstat (limited to 'src/fl_load.c')
-rw-r--r--src/fl_load.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/fl_load.c b/src/fl_load.c
index 054d781..c1a4825 100644
--- a/src/fl_load.c
+++ b/src/fl_load.c
@@ -82,6 +82,10 @@ static int readcb(void *context, char *buf, int len, GError **err) {
}
+#define isvalidfilename(x) (\
+ !(((x)[0] == '.' && (!(x)[1] || ((x)[1] == '.' && !(x)[2])))) && !strchr((x), '/'))
+
+
static int entitycb(void *context, int type, const char *arg1, const char *arg2, GError **err) {
ctx_t *x = context;
//printf("%d,%d: %s, %s\n", x->state, type, arg1, arg2);
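Review bot: The new `isvalidfilename` macro still accepts an empty name, because `""` is neither `.` nor `..` and contains no `/`; if these names are later joined into a local path (not visible in this hunk), an empty component would resolve to the parent directory, so consider adding `(x)[0] &&` at the front of the expression. The macro also evaluates `x` several times, which is harmless for `x->name`, but a `static` function taking `const char *` would be type-checked and safe for any argument. A short comment recording the policy from the commit message would help the next reader, e.g. `/* Rejects "", ".", ".." and any name containing '/'; '\\' is allowed because it is not a path separator on unix-like systems. */`.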
@@ -109,8 +113,8 @@ static int entitycb(void *context, int type, const char *arg1, const char *arg2,
case S_DIROPEN:
if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "Name") == 0 && !x->name) {
x->name = g_utf8_validate(arg2, -1, NULL) ? g_strdup(arg2) : str_convert("UTF-8", "UTF-8", arg2);
- if(x->name[0] == '.' && (!x->name[1] || (x->name[1] == '.' && !x->name[2]))) {
- g_set_error(err, 1, 0, "'.' or '..' not allowed in directory name");
+ if(!isvalidfilename(x->name)) {
+ g_set_error(err, 1, 0, "Invalid directory name");
return -1;
}
return 0;
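Review bot: The replacement messages `"Invalid directory name"` here and `"Invalid file name"` in the S_FILEOPEN hunk no longer say which rule was violated, which makes a rejected and possibly hostile file list harder to triage. Consider `g_set_error(err, 1, 0, "Invalid directory name: '.', '..' or '/' not allowed");` and the equivalent for files, without echoing the untrusted name itself into the message. Separately, `x->name` is handed to `strchr` with no NULL check in both hunks, so if `str_convert` can return NULL on a failed conversion (its definition is outside this diff) the validation would dereference it; that is worth confirming. `entitycb` starts and ends outside the hunk.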
@@ -172,8 +176,8 @@ static int entitycb(void *context, int type, const char *arg1, const char *arg2,
case S_FILEOPEN:
if(type == XMLT_ATTR && g_ascii_strcasecmp(arg1, "Name") == 0 && !x->name) {
x->name = g_utf8_validate(arg2, -1, NULL) ? g_strdup(arg2) : str_convert("UTF-8", "UTF-8", arg2);
- if(x->name[0] == '.' && (!x->name[1] || (x->name[1] == '.' && !x->name[2]))) {
- g_set_error(err, 1, 0, "'.' or '..' not allowed in file name");
+ if(!isvalidfilename(x->name)) {
+ g_set_error(err, 1, 0, "Invalid file name");
return -1;
}
return 0;