Move file name sanity check to deserialize_fstree

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

2 files changed, 20 insertions, 12 deletions

diff --git a/lib/sqfs/readdir.c b/lib/sqfs/readdir.c
index 1323c36..25d0438 100644
--- a/lib/sqfs/readdir.c
+++ b/lib/sqfs/readdir.c
@@ -60,18 +60,6 @@ int sqfs_meta_reader_read_dir_ent(sqfs_meta_reader_t *m,
 		return err;
 	}
 
-	if (strchr((char *)out->name, '/') != NULL ||
-	    strchr((char *)out->name, '\\') != NULL) {
-		free(out);
-		return SQFS_ERROR_CORRUPTED;
-	}
-
-	if (strcmp((char *)out->name, "..") == 0 ||
-	    strcmp((char *)out->name, ".") == 0) {
-		free(out);
-		return SQFS_ERROR_CORRUPTED;
-	}
-
 	*result = out;
 	return 0;
 }
diff --git a/lib/sqfshelper/deserialize_fstree.c b/lib/sqfshelper/deserialize_fstree.c
index 37861e6..6c536c3 100644
--- a/lib/sqfshelper/deserialize_fstree.c
+++ b/lib/sqfshelper/deserialize_fstree.c
@@ -78,6 +78,21 @@ static bool node_would_be_own_parent(tree_node_t *root, tree_node_t *n)
 	return false;
 }
 
+static bool is_name_sane(const char *name)
+{
+	if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
+		goto fail;
+
+	if (strcmp(name, "..") == 0 || strcmp(name, ".") == 0)
+		goto fail;
+
+	return true;
+fail:
+	fprintf(stderr, "WARNING: Found directory entry named '%s', "
+		"skipping\n", name);
+	return false;
+}
+
 static int fill_dir(sqfs_meta_reader_t *ir, sqfs_meta_reader_t *dr,
 		    tree_node_t *root, sqfs_super_t *super,
 		    sqfs_id_table_t *idtbl,
@@ -126,6 +141,11 @@ static int fill_dir(sqfs_meta_reader_t *ir, sqfs_meta_reader_t *dr,
 				continue;
 			}
 
+			if (!is_name_sane((const char *)ent->name)) {
+				free(ent);
+				continue;
+			}
+
 			err = sqfs_meta_reader_read_inode(ir, super,
 							  hdr.start_block,
 							  ent->offset, &inode);