From: Hans-Dieter K. <fs...@us...> - 2006-02-21 01:04:19
Update of /cvsroot/xine/xine-ui/src/xitk In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22736 Modified Files: mediamark.c Log Message: Fixed security issues related to playlist files. Thanks to Chris Ries. Small code review on this occasion. Index: mediamark.c =================================================================== RCS file: /cvsroot/xine/xine-ui/src/xitk/mediamark.c,v retrieving revision 1.101 retrieving revision 1.102 diff -u -r1.101 -r1.102 --- mediamark.c 24 Jul 2005 02:40:37 -0000 1.101 +++ mediamark.c 21 Feb 2006 01:04:00 -0000 1.102 @@ -547,7 +547,8 @@ } } else { - char buffer[_PATH_MAX + _NAME_MAX + 1]; + char buffer1[_PATH_MAX + _NAME_MAX + 1]; + char buffer2[_PATH_MAX + _NAME_MAX + 1]; char *entry; mmk = (mediamark_t **) realloc(mmk, sizeof(mediamark_t *) * (entries_m3u + 2)); @@ -555,16 +556,15 @@ entry = ln; if(origin) { - memset(&buffer, 0, sizeof(buffer)); - snprintf(buffer, sizeof(buffer), "%s", origin); + snprintf(buffer1, sizeof(buffer1), "%s", origin); - if((buffer[strlen(buffer) - 1] == '/') && (*ln == '/')) - buffer[strlen(buffer) - 1] = '\0'; + if((buffer1[strlen(buffer1) - 1] == '/') && (*ln == '/')) + buffer1[strlen(buffer1) - 1] = '\0'; - sprintf(buffer, "%s%s", buffer, ln); + snprintf(buffer2, sizeof(buffer2), "%s%s", buffer1, ln); - if(_file_exist(buffer)) - entry = buffer; + if(_file_exist(buffer2)) + entry = buffer2; } mediamark_store_mmk(&mmk[entries_m3u], entry, title, NULL, 0, -1, 0, 0); @@ -644,7 +644,8 @@ if(valid_sfv) { if(strncmp(ln, ";", 1)) { - char buffer[_PATH_MAX + _NAME_MAX + 1]; + char buffer1[_PATH_MAX + _NAME_MAX + 1]; + char buffer2[_PATH_MAX + _NAME_MAX + 1]; char *entry; long long int crc = 0; char *p; 
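Review bot: In the `@@ -555,16 +556,15 @@` hunk, `buffer1[strlen(buffer1) - 1]` is still evaluated when `origin` is an empty string, so the index wraps around and the test reads outside `buffer1` (and the next line writes there if that byte happens to be '/'). Whether `origin` can be empty is not visible in the hunk, but the guard is cheap for code that parses playlist files: `size_t olen = strlen(buffer1);`, then `if(olen && (buffer1[olen - 1] == '/') && (*ln == '/'))` and `buffer1[olen - 1] = '\0';`. The same lines recur in the `@@ -675,16 +676,15 @@` and `@@ -768,16 +769,15 @@` hunks. The enclosing function starts and ends outside each of these hunks.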
@@ -675,16 +676,15 @@ entry = ln; if(origin) { - memset(&buffer, 0, sizeof(buffer)); - snprintf(buffer, sizeof(buffer), "%s", origin); + snprintf(buffer1, sizeof(buffer1), "%s", origin); - if((buffer[strlen(buffer) - 1] == '/') && (*ln == '/')) - buffer[strlen(buffer) - 1] = '\0'; + if((buffer1[strlen(buffer1) - 1] == '/') && (*ln == '/')) + buffer1[strlen(buffer1) - 1] = '\0'; - sprintf(buffer, "%s%s", buffer, ln); + snprintf(buffer2, sizeof(buffer2), "%s%s", buffer1, ln); - if(_file_exist(buffer)) - entry = buffer; + if(_file_exist(buffer2)) + entry = buffer2; } mediamark_store_mmk(&mmk[entries_sfv], entry, NULL, NULL, 0, -1, 0, 0); @@ -693,15 +693,15 @@ } } } - else if(strlen(ln) > 1){ + else if(strlen(ln) > 1) { long int size; int h, m, s; int Y, M, D; - char fn[_PATH_MAX + _NAME_MAX + 1]; + char fn[2]; char mon[4]; - if(((sscanf(ln, ";%ld %d:%d.%d %d-%d-%d %s", &size, &h, &m, &s, &Y, &M, &D, &fn[0])) == 8) || - ((sscanf(ln, ";%ld %3s %d %d:%d:%d %d %s", &size, &mon[0], &D, &h, &m, &s, &Y, &fn[0])) == 8)) + if(((sscanf(ln, ";%ld %d:%d.%d %d-%d-%d %1s", &size, &h, &m, &s, &Y, &M, &D, &fn[0])) == 8) || + ((sscanf(ln, ";%ld %3s %d %d:%d:%d %d %1s", &size, &mon[0], &D, &h, &m, &s, &Y, &fn[0])) == 8)) valid_sfv = 1; } @@ -753,7 +753,8 @@ if(ln) { if((strncmp(ln, ";", 1)) && (strncmp(ln, "#", 1))) { - char buffer[_PATH_MAX + _NAME_MAX + 1]; + char buffer1[_PATH_MAX + _NAME_MAX + 1]; + char buffer2[_PATH_MAX + _NAME_MAX + 1]; char *entry; path = strrchr(filename, '/'); 
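Review bot: The result of `snprintf(buffer2, sizeof(buffer2), "%s%s", buffer1, ln)` in the `@@ -675,16 +676,15 @@` hunk is discarded, so an over-long `origin` plus `ln` is silently cut short and `_file_exist()` is then asked about a path the playlist never named. If that shortened path happens to exist, `entry` is stored pointing at it. Keeping the return value and skipping the lookup on truncation avoids this, e.g. `if((n >= 0) && ((size_t)n < sizeof(buffer2)) && _file_exist(buffer2))` with `n` holding the snprintf result. The `@@ -555,16 +556,15 @@` and `@@ -768,16 +769,15 @@` hunks make the same call.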
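Review bot: `char fn[2]` with `%1s` in the `@@ -693,15 +693,15 @@` hunk deserves a comment, because the array size and the field width now have to change together and nothing says why a filename is read into two bytes. As far as the hunk shows, `fn` exists only so that sscanf() reports eight conversions. I would add above the declaration `/* fn only proves a name follows the date; %1s keeps sscanf within fn[2] */`. `mon[4]` with `%3s` follows the same rule and could share the comment.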
@@ -768,16 +769,15 @@ entry = ln; if(origin) { - memset(&buffer, 0, sizeof(buffer)); - snprintf(buffer, sizeof(buffer), "%s", origin); + snprintf(buffer1, sizeof(buffer1), "%s", origin); - if((buffer[strlen(buffer) - 1] == '/') && (*ln == '/')) - buffer[strlen(buffer) - 1] = '\0'; + if((buffer1[strlen(buffer1) - 1] == '/') && (*ln == '/')) + buffer1[strlen(buffer1) - 1] = '\0'; - sprintf(buffer, "%s%s", buffer, ln); + snprintf(buffer2, sizeof(buffer2), "%s%s", buffer1, ln); - if(_file_exist(buffer)) - entry = buffer; + if(_file_exist(buffer2)) + entry = buffer2; } mediamark_store_mmk(&mmk[entries_raw], entry, NULL, NULL, 0, -1, 0, 0); |