diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/sqfs/readdir.c | 12 | ||||
-rw-r--r-- | lib/sqfshelper/deserialize_fstree.c | 20 |
2 files changed, 20 insertions, 12 deletions
diff --git a/lib/sqfs/readdir.c b/lib/sqfs/readdir.c index 1323c36..25d0438 100644 --- a/lib/sqfs/readdir.c +++ b/lib/sqfs/readdir.c @@ -60,18 +60,6 @@ int sqfs_meta_reader_read_dir_ent(sqfs_meta_reader_t *m, return err; } - if (strchr((char *)out->name, '/') != NULL || - strchr((char *)out->name, '\\') != NULL) { - free(out); - return SQFS_ERROR_CORRUPTED; - } - - if (strcmp((char *)out->name, "..") == 0 || - strcmp((char *)out->name, ".") == 0) { - free(out); - return SQFS_ERROR_CORRUPTED; - } - *result = out; return 0; } diff --git a/lib/sqfshelper/deserialize_fstree.c b/lib/sqfshelper/deserialize_fstree.c index 37861e6..6c536c3 100644 --- a/lib/sqfshelper/deserialize_fstree.c +++ b/lib/sqfshelper/deserialize_fstree.c @@ -78,6 +78,21 @@ static bool node_would_be_own_parent(tree_node_t *root, tree_node_t *n) return false; } +static bool is_name_sane(const char *name) +{ + if (strchr(name, '/') != NULL || strchr(name, '\\') != NULL) + goto fail; + + if (strcmp(name, "..") == 0 || strcmp(name, ".") == 0) + goto fail; + + return true; +fail: + fprintf(stderr, "WARNING: Found directory entry named '%s', " + "skipping\n", name); + return false; +} + static int fill_dir(sqfs_meta_reader_t *ir, sqfs_meta_reader_t *dr, tree_node_t *root, sqfs_super_t *super, sqfs_id_table_t *idtbl, @@ -126,6 +141,11 @@ static int fill_dir(sqfs_meta_reader_t *ir, sqfs_meta_reader_t *dr, continue; } + if (!is_name_sane((const char *)ent->name)) { + free(ent); + continue; + } + err = sqfs_meta_reader_read_inode(ir, super, hdr.start_block, ent->offset, &inode); |