oysteikt/mpd
0
0
Fork 0
Code Issues Pull Requests Releases Activity

db/upnp: strict vpath checks for the "root" directory

Browse Source
This commit is contained in:
Max Kellermann
2014-01-23 00:40:39 +01:00
parent b61a2c722c
commit b52d8fbebe
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/db/UpnpDatabasePlugin.cxx
View File

@@ -599,12 +599,32 @@ UpnpDatabase::VisitServer(const ContentDirectoryService &server,
because the path is not valid for traversal. Besides, it's because the path is not valid for traversal. Besides, it's
just faster to access the target node directly */ just faster to access the target node directly */
if (!vpath.empty() && vpath.front() == rootid) { if (!vpath.empty() && vpath.front() == rootid) {
switch (vpath.size()) {
case 1:
return true;
case 2:
break;
default:
error.Format(db_domain, DB_NOT_FOUND,
"Not found");
return false;
}
if (visit_song) { if (visit_song) {
UPnPDirObject dirent; UPnPDirObject dirent;
if (!ReadNode(server, vpath.back().c_str(), dirent, if (!ReadNode(server, vpath.back().c_str(), dirent,
error)) error))
return false; return false;
if (dirent.type != UPnPDirObject::Type::ITEM ||
dirent.item_class != UPnPDirObject::ItemClass::MUSIC) {
error.Format(db_domain, DB_NOT_FOUND,
"Not found");
return false;
}
std::string path = songPath(server.getFriendlyName(), std::string path = songPath(server.getFriendlyName(),
dirent.m_id); dirent.m_id);
if (!visitSong(std::move(dirent), path.c_str(), if (!visitSong(std::move(dirent), path.c_str(),