1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
--- xbiso-0.6.0.orig/xbiso.c 2004-01-25 17:53:05.000000000 +0000
+++ xbiso-0.6.0/xbiso.c 2005-05-21 11:56:21.729060440 +0000
@@ -309,7 +309,12 @@
memset(dirent.fname,0,dirent.fnamelen+1);
fread(dirent.fname, dirent.fnamelen, 1, xiso); //filename
-
+
+ if (strstr(dirent.fname,"..") || strchr(dirent.fname, '/') || strchr(dirent.fname, '\\'))
+ {
+ printf("Filename contains invalid characters");
+ exit(1);
+ }
if(verb) {
printf("ltable offset: %i\nrtable offset: %i\nsector: %li\nfilesize: %li\nattributes: 0x%x\nfilename length: %i\nfilename: %s\n\n", dirent.ltable, dirent.rtable, dirent.sector, dirent.size, dirent.attribs, dirent.fnamelen, dirent.fname);
|
GitWeb
