--- XDVDFS_Tools.orig/src/xdvdfs/xdvdfs.c	2003-08-15 23:26:58.000000000 +0000
+++ XDVDFS_Tools/src/xdvdfs/xdvdfs.c	2005-05-21 12:13:55.655839216 +0000
@@ -157,6 +157,14 @@
 	memcpy(SearchRecord->Filename, Entry->Filename, Entry->FilenameLength);
 	SearchRecord->Filename[Entry->FilenameLength] = 0;
 
+	if (strstr(SearchRecord->Filename,"..") || 
+	    strchr(SearchRecord->Filename, '/') || 
+	    strchr(SearchRecord->Filename, '\\'))
+	  {
+	    printf("Filename contains invalid characters\n");
+	    exit(1);
+	  }
+
 	// Copy file parameters in the search_rec
 	SearchRecord->Attributes = Entry->FileAttributes;
 	SearchRecord->FileSize = ENDIAN_SAFE32(Entry->FileSize);
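Review bot: The new filename guard checks the name's characters, but nothing in this hunk checks its length: `Entry->FilenameLength` is read from the image and used directly as the `memcpy` size and the terminator index on the two lines above the `if`. Unless code outside this hunk already guarantees the field fits the destination, over-long names should be rejected before the copy with a bound such as `if (Entry->FilenameLength >= sizeof(SearchRecord->Filename))` (assuming `Filename` is a fixed-size array). The guard also accepts an empty name and a lone `.`, and it reports through `printf` to stdout; `fprintf(stderr, "Filename contains invalid characters\n");` would keep the diagnostic out of redirected output. The enclosing function starts and ends outside the hunk, so its error-return convention is not visible here.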