diff options
| author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2020-06-07 16:24:47 +0200 | 
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2020-06-07 17:23:51 +0200 | 
| commit | b96c4240ae6bddb4c929115cbd7d31698d72a5f7 (patch) | |
| tree | fdc7ad8430ff533bc6cb0c90dcfdebfa3a3b75cb /bin/rdsquashfs | |
| parent | 34c90905d87e8bb9fe017ac2a514cdd33a17ea63 (diff) | |
Replace assert with propper error handling in rdsquashfs describe
If a SquashFS archive contains file names with '..', '/' or similar
nonsense in them, the unpacking code already refuses to process them,
but the 'describe' code path simply triggers an assert that might not
be there if the binary was compiled with NDEBUG defined.
This commit replaces the assert with propper error handling that also
reports on why things are failing and adds an additional check in the
describe_tree function that tests if the file name is sane.
Reported-by: Zachary Dremann <dremann@gmail.com>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'bin/rdsquashfs')
| -rw-r--r-- | bin/rdsquashfs/describe.c | 14 | 
1 files changed, 11 insertions, 3 deletions
| diff --git a/bin/rdsquashfs/describe.c b/bin/rdsquashfs/describe.c index d30f844..924bedc 100644 --- a/bin/rdsquashfs/describe.c +++ b/bin/rdsquashfs/describe.c @@ -9,15 +9,17 @@  static int print_name(const sqfs_tree_node_t *n)  {  	char *start, *ptr, *name = sqfs_tree_node_get_path(n); -	int ret;  	if (name == NULL) {  		perror("Recovering file path of tree node");  		return -1;  	} -	ret = canonicalize_name(name); -	assert(ret == 0); +	if (canonicalize_name(name) != 0) { +		fprintf(stderr, "Error sanitizing file path '%s'\n", name); +		free(name); +		return -1; +	}  	if (strchr(name, ' ') == NULL && strchr(name, '"') == NULL) {  		fputs(name, stdout); @@ -70,6 +72,12 @@ int describe_tree(const sqfs_tree_node_t *root, const char *unpack_root)  {  	const sqfs_tree_node_t *n; +	if (!is_filename_sane((const char *)root->name, false)) { +		fprintf(stderr, "Encountered illegal file name '%s'\n", +			root->name); +		return -1; +	} +  	switch (root->inode->base.mode & S_IFMT) {  	case S_IFSOCK:  		return print_simple("sock", root, NULL); | 
