From 0712314d23a893b5f890039de4fe99e936aa0a9c Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@musicpd.org>
Date: Wed, 13 Oct 2021 15:50:34 +0200
Subject: [PATCH] archive/{zzip,iso9660}: ignore file names which are invalid
 UTF-8

These malformed strings must not be transferred over the wire, because
the MPD protocol is defined to be UTF-8.

Closes https://github.com/MusicPlayerDaemon/MPD/issues/1274
---
 NEWS                                         | 2 ++
 src/archive/plugins/Iso9660ArchivePlugin.cxx | 5 +++++
 src/archive/plugins/ZzipArchivePlugin.cxx    | 3 ++-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 9c96f7416..564c9b985 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,8 @@ ver 0.23 (not yet released)
   - proxy: require libmpdclient 2.11 or later
   - proxy: split search into chunks to avoid exceeding the output buffer
   - upnp: support libnpupnp instead of libupnp
+* archive
+  - zzip, iso9660: ignore file names which are invalid UTF-8
 * decoder
   - openmpt: new plugin
   - wavpack: fix WVC file support
diff --git a/src/archive/plugins/Iso9660ArchivePlugin.cxx b/src/archive/plugins/Iso9660ArchivePlugin.cxx
index d8bcf2f07..dc988faae 100644
--- a/src/archive/plugins/Iso9660ArchivePlugin.cxx
+++ b/src/archive/plugins/Iso9660ArchivePlugin.cxx
@@ -29,6 +29,7 @@
 #include "fs/Path.hxx"
 #include "util/RuntimeError.hxx"
 #include "util/StringCompare.hxx"
+#include "util/UTF8.hxx"
 #include "util/WritableBuffer.hxx"
 
 #include <cdio/iso9660.h>
@@ -102,6 +103,10 @@ Iso9660ArchiveFile::Visit(char *path, size_t length, size_t capacity,
 			/* skip special names like "." and ".." */
 			continue;
 
+		if (!ValidateUTF8(filename))
+			/* ignore file names which are not valid UTF-8 */
+			continue;
+
 		size_t filename_length = strlen(filename);
 		if (length + filename_length + 1 >= capacity)
 			/* file name is too long */
diff --git a/src/archive/plugins/ZzipArchivePlugin.cxx b/src/archive/plugins/ZzipArchivePlugin.cxx
index d56b1d8db..e52eb9ed3 100644
--- a/src/archive/plugins/ZzipArchivePlugin.cxx
+++ b/src/archive/plugins/ZzipArchivePlugin.cxx
@@ -29,6 +29,7 @@
 #include "fs/Path.hxx"
 #include "system/Error.hxx"
 #include "util/RuntimeError.hxx"
+#include "util/UTF8.hxx"
 
 #include <zzip/zzip.h>
 
@@ -84,7 +85,7 @@ ZzipArchiveFile::Visit(ArchiveVisitor &visitor)
 	ZZIP_DIRENT dirent;
 	while (zzip_dir_read(dir->dir, &dirent))
 		//add only files
-		if (dirent.st_size > 0)
+		if (dirent.st_size > 0 && ValidateUTF8(dirent.d_name))
 			visitor.VisitArchiveEntry(dirent.d_name);
 }