PlaylistFile: disallow backslash in playlist names on Windows
The function spl_valid_name() should verify playlist names and prevent path traversal, but it failed to do so on Windows, because it forgot to check for backslashes. This buggy piece of code was already present when stored playlists were initially implemented in 2006 by commit 08003904d7af58c04, and even during the many rounds of code refactoring, nobody ever bothered to verify it. D'oh! (Thanks, Paul Arzelier)
This commit is contained in:
Max Kellermann
parent
73b5d0a9b9
commit
eaecbcafb2
1
NEWS
1
NEWS
@ -2,6 +2,7 @@ ver 0.23.11 (not yet released)
|
|||||||
* macOS: fix build failure "no archive members specified"
|
* macOS: fix build failure "no archive members specified"
|
||||||
* Windows
|
* Windows
|
||||||
- fix crash bug (stack buffer overflow) after I/O errors
|
- fix crash bug (stack buffer overflow) after I/O errors
|
||||||
|
- fix path traversal bug because backslash was allowed in playlist names
|
||||||
* Android/Windows
|
* Android/Windows
|
||||||
- update OpenSSL to 3.0.7
|
- update OpenSSL to 3.0.7
|
||||||
|
|
||||||
|
|||||||
@ -81,6 +81,9 @@ spl_valid_name(const char *name_utf8)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
return std::strchr(name_utf8, '/') == nullptr &&
|
return std::strchr(name_utf8, '/') == nullptr &&
|
||||||
|
#ifdef _WIN32
|
||||||
|
std::strchr(name_utf8, '\\') == nullptr &&
|
||||||
|
#endif
|
||||||
std::strchr(name_utf8, '\n') == nullptr &&
|
std::strchr(name_utf8, '\n') == nullptr &&
|
||||||
std::strchr(name_utf8, '\r') == nullptr;
|
std::strchr(name_utf8, '\r') == nullptr;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user