From eaecbcafb296ac7426064d7098d0febc2c86f8c9 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Mon, 28 Nov 2022 09:48:57 +0100
Subject: [PATCH] PlaylistFile: disallow backslash in playlist names on Windows
The function spl_valid_name() should verify playlist names and prevent path traversal, but it failed to do so on Windows, because it forgot to check for backslashes. This buggy piece of code was already present when stored playlists were initially implemented in 2006 by commit 08003904d7af58c04, and even during the many rounds of code refactoring, nobody ever bothered to verify it. D'oh! (Thanks, Paul Arzelier)
---
 NEWS | 1 +
 src/PlaylistFile.cxx | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/NEWS b/NEWS
index 44183827a..1eec3f592 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ ver 0.23.11 (not yet released)
 * macOS: fix build failure "no archive members specified"
 * Windows
 - fix crash bug (stack buffer overflow) after I/O errors
+ - fix path traversal bug because backslash was allowed in playlist names
 * Android/Windows
 - update OpenSSL to 3.0.7
diff --git a/src/PlaylistFile.cxx b/src/PlaylistFile.cxx
index 7035136df..24cde1a04 100644
--- a/src/PlaylistFile.cxx
+++ b/src/PlaylistFile.cxx
@@ -81,6 +81,9 @@ spl_valid_name(const char *name_utf8)
 */
 return std::strchr(name_utf8, '/') == nullptr &&
+#ifdef _WIN32
+ std::strchr(name_utf8, '\\') == nullptr &&
+#endif
 std::strchr(name_utf8, '\n') == nullptr &&
 std::strchr(name_utf8, '\r') == nullptr;
 }
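Review bot: The Windows-only branch added to the `return` expression in src/PlaylistFile.cxx rejects `\\` but still accepts `:`, which on NTFS separates a file name from an alternate data stream name and elsewhere in a path marks a drive letter; whether that is reachable depends on how callers join the name to the playlist directory, which this hunk does not show. If a playlist name is meant to map to exactly one plain file in that directory, consider adding `std::strchr(name_utf8, ':') == nullptr &&` inside the same `#ifdef _WIN32`. A short comment above the `#ifdef`, such as `/* backslash is a path separator on Windows only; elsewhere it is a legal file name character */`, would record why the check is conditional rather than applied on every platform. The body of spl_valid_name() begins before the hunk, so any earlier checks are not visible here.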