diff options
| -rw-r--r-- | CHANGELOG.md | 2 | ||||
| -rw-r--r-- | bin/rdsquashfs/describe.c | 14 |
2 files changed, 13 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c9777b..c1d944e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Actually set the ZSTD compression level to something greater than 0 - Only add Selinux compile flags if WITH_SELINUX is set. Fixes Mingw cross build on Fedora. +- Make `rdsquashfs` describe mode terminate with an error message if an illegal + filename is encountered. ## [0.9.1] - 2020-05-03 ### Added diff --git a/bin/rdsquashfs/describe.c b/bin/rdsquashfs/describe.c index d30f844..924bedc 100644 --- a/bin/rdsquashfs/describe.c +++ b/bin/rdsquashfs/describe.c @@ -9,15 +9,17 @@ static int print_name(const sqfs_tree_node_t *n) { char *start, *ptr, *name = sqfs_tree_node_get_path(n); - int ret; if (name == NULL) { perror("Recovering file path of tree node"); return -1; } - ret = canonicalize_name(name); - assert(ret == 0); + if (canonicalize_name(name) != 0) { + fprintf(stderr, "Error sanitizing file path '%s'\n", name); + free(name); + return -1; + } if (strchr(name, ' ') == NULL && strchr(name, '"') == NULL) { fputs(name, stdout); @@ -70,6 +72,12 @@ int describe_tree(const sqfs_tree_node_t *root, const char *unpack_root) { const sqfs_tree_node_t *n; + if (!is_filename_sane((const char *)root->name, false)) { + fprintf(stderr, "Encountered illegal file name '%s'\n", + root->name); + return -1; + } + switch (root->inode->base.mode & S_IFMT) { case S_IFSOCK: return print_simple("sock", root, NULL); |