1 files changed, 17 insertions, 0 deletions

diff --git a/app-cdr/xdvdfs-tools/files/xdvdfs-tools-2.1-fnamefix.patch b/app-cdr/xdvdfs-tools/files/xdvdfs-tools-2.1-fnamefix.patch
new file mode 100644
index 000000000000..4d06822eb06c
--- /dev/null
+++ b/app-cdr/xdvdfs-tools/files/xdvdfs-tools-2.1-fnamefix.patch
@@ -0,0 +1,17 @@
+--- XDVDFS_Tools.orig/src/xdvdfs/xdvdfs.c	2003-08-15 23:26:58.000000000 +0000
++++ XDVDFS_Tools/src/xdvdfs/xdvdfs.c	2005-05-21 12:13:55.655839216 +0000
+@@ -157,6 +157,14 @@
+ 	memcpy(SearchRecord->Filename, Entry->Filename, Entry->FilenameLength);
+ 	SearchRecord->Filename[Entry->FilenameLength] = 0;
+ 
++	if (strstr(SearchRecord->Filename,"..") || 
++	    strchr(SearchRecord->Filename, '/') || 
++	    strchr(SearchRecord->Filename, '\\'))
++	  {
++	    printf("Filename contains invalid characters\n");
++	    exit(1);
++	  }
++
+ 	// Copy file parameters in the search_rec
+ 	SearchRecord->Attributes = Entry->FileAttributes;
+ 	SearchRecord->FileSize = ENDIAN_SAFE32(Entry->FileSize);