Update of /cvsroot/audacity/audacity-src/src
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv7712

Modified Files:
      Tag: Audacity_UmixIt
        Branding.cpp Branding.h DirManager.cpp DirManager.h 
        Project.cpp Sequence.cpp 
Log Message:
security vulnerability fixes, per NGS report for UmixIt

Index: DirManager.h
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/DirManager.h,v
retrieving revision 1.17.2.3.2.1
retrieving revision 1.17.2.3.2.2
diff -u -d -r1.17.2.3.2.1 -r1.17.2.3.2.2
--- DirManager.h        23 Nov 2006 03:48:09 -0000      1.17.2.3.2.1
+++ DirManager.h        12 Dec 2006 03:27:08 -0000      1.17.2.3.2.2
@@ -97,6 +97,7 @@
    void SetLoadingTarget(BlockFile **target) { mLoadingTarget = target; }
    void SetLoadingFormat(sampleFormat format) { mLoadingFormat = format; }
    void SetLoadingBlockLength(sampleCount len) { mLoadingBlockLen = len; }
+   void SetMaxSamples(sampleCount max) { mMaxSamples = max; }
    bool HandleXMLTag(const char *tag, const char **attrs);
    XMLTagHandler *HandleXMLChild(const char *tag) { return NULL; }
    void WriteXML(int depth, FILE *fp) { }
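Review bot: SetMaxSamples accepts any sampleCount without a guard, while DirManager.cpp in this same commit treats -1 in mMaxSamples as "not initialized" and skips the length check, so a negative limit passed here would silently disable the guard instead of failing. A one-line comment on the setter would pin that contract: `// Upper bound on a block's sample count accepted from project XML; -1 (constructor default) disables the check.` The same applies to the mMaxSamples member added in the second hunk of this file, which appears to be initialized only in the DirManager constructor; any other construction or reset path would need the same -1 assignment.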
@@ -135,6 +136,8 @@
    sampleFormat mLoadingFormat;
    sampleCount mLoadingBlockLen;
 
+   sampleCount mMaxSamples;
+
    static wxString temp;
 
    static int numDirManagers;

Index: Branding.h
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Attic/Branding.h,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- Branding.h  29 Nov 2006 03:31:28 -0000      1.1.2.1
+++ Branding.h  12 Dec 2006 03:27:08 -0000      1.1.2.2
@@ -16,6 +16,8 @@
 #include "Audacity.h"
 #include "xml/xmltaghandler.h"
 
+#include <wx/filename.h>
+
 class Branding : public XMLTagHandler
 {
 public:
@@ -27,12 +29,12 @@
 
    wxString GetBrandName() { return m_strBrandName; }
    wxString GetBrandURL() { return m_strBrandURL; }
-   wxString GetBrandLogoFilename() { return m_strBrandLogoFilename; }
+   wxFileName GetBrandLogoFileName() { return m_BrandLogoFileName; }
    wxString GetBrandColorScheme() { return m_strBrandColorScheme; }
 
-public:
+private:
    wxString m_strBrandName;
    wxString m_strBrandURL;
-   wxString m_strBrandLogoFilename;
+   wxFileName m_BrandLogoFileName; // Store full thing, not just file name, so 
don't need to add path again.
    wxString m_strBrandColorScheme;
 };
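Review bot: The comment on m_BrandLogoFileName says the full path is stored so it "doesn't need to add path again", but Branding::WriteXML in this same commit serializes only GetFullName(), so the directory is deliberately not round-tripped and is re-resolved against the project data directory on every load. That is the behaviour the validation fix depends on, and the comment should say so to stop a later maintainer from "fixing" WriteXML to emit the full path: `// Absolute, normalized location resolved at load time; only the leaf name is written back to XML so it is always re-validated against the project data directory.` The rename from GetBrandLogoFilename to GetBrandLogoFileName with a changed return type will break any caller not updated in this commit at compile time, which is the safe failure mode here.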

Index: Branding.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Attic/Branding.cpp,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- Branding.cpp        29 Nov 2006 03:31:28 -0000      1.1.2.1
+++ Branding.cpp        12 Dec 2006 03:27:08 -0000      1.1.2.2
@@ -12,12 +12,15 @@
 **********************************************************************/
 
 #include "Branding.h"
+#include "Project.h"
+
+#include <wx/msgdlg.h>
 
 Branding::Branding()
 {
    m_strBrandName = "";
    m_strBrandURL = "";
-   m_strBrandLogoFilename = "";
+   m_BrandLogoFileName.Clear();
    m_strBrandColorScheme = "";
 }
 
@@ -32,10 +35,25 @@
 
       if (!value) break;
 
-      if (!strcmp(attr, "brandname")) m_strBrandName = value;
-      else if (!strcmp(attr, "url")) m_strBrandURL = value;
-      else if (!strcmp(attr, "logofilename")) m_strBrandLogoFilename = value;
-      else if (!strcmp(attr, "colorscheme")) m_strBrandColorScheme = value;
+      if (!strcmp(attr, "brandname")) 
+         m_strBrandName = value;
+      else if (!strcmp(attr, "url")) 
+         m_strBrandURL = value;
+      else if (!strcmp(attr, "logofilename")) 
+      {
+         // Logo file is supposed to be stored in the project data directory.
+         wxString strDirName = 
GetActiveProject()->GetDirManager()->GetProjectDataDir();
+         if (IsGoodFileNameFromXML(value, strDirName)) {
+            // Store full thing, not just file name, so don't need to add path 
again.
+            m_BrandLogoFileName.Assign(strDirName, value);
+            m_BrandLogoFileName.Normalize(wxPATH_NORM_ABSOLUTE | 
wxPATH_NORM_LONG);
+         } else {
+            wxMessageBox(wxString::Format(_("Could not open branding logo 
file: %s"), value), 
+                           _("Error"), wxOK | wxICON_ERROR);
+         }
+      }
+      else if (!strcmp(attr, "colorscheme")) 
+         m_strBrandColorScheme = value;
    } // while
 
    return true; 
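Review bot: After `m_BrandLogoFileName.Assign(strDirName, value)` and Normalize, nothing confirms that the normalized result still lies under strDirName; whether that matters depends on what IsGoodFileNameFromXML rejects, and its definition is not in this diff, so a containment check after Normalize would make the guarantee local: `if (!m_BrandLogoFileName.GetFullPath().StartsWith(strDirName)) m_BrandLogoFileName.Clear();`. GetActiveProject() is also dereferenced without a null check; if a branding tag can be parsed before a project is active this would crash, which should be confirmed against the callers. On rejection the handler still returns true with an empty logo, a reasonable degrade, but the dialog text "Could not open branding logo file" describes a different failure than the name validation that actually occurred. The while loop enclosing this hunk starts and ends outside it.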
@@ -50,7 +68,7 @@
    fprintf(fp, "<branding ");
    fprintf(fp, "brandname=\"%s\" ", XMLEsc(m_strBrandName).c_str());
    fprintf(fp, "url=\"%s\" ", XMLEsc(m_strBrandURL).c_str());
-   fprintf(fp, "logofilename=\"%s\" ", XMLEsc(m_strBrandLogoFilename).c_str());
+   fprintf(fp, "logofilename=\"%s\" ", 
XMLEsc(m_BrandLogoFileName.GetFullName()).c_str());
    fprintf(fp, "colorscheme=\"%s\" ", XMLEsc(m_strBrandColorScheme).c_str());
    fprintf(fp, "/>\n"); // XML shorthand for childless tag
 }

Index: DirManager.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/DirManager.cpp,v
retrieving revision 1.35.2.5.2.1
retrieving revision 1.35.2.5.2.2
diff -u -d -r1.35.2.5.2.1 -r1.35.2.5.2.2
--- DirManager.cpp      23 Nov 2006 03:48:08 -0000      1.35.2.5.2.1
+++ DirManager.cpp      12 Dec 2006 03:27:08 -0000      1.35.2.5.2.2
@@ -66,6 +66,7 @@
    projName = "";
 
    mLoadingTarget = NULL;
+   mMaxSamples = -1;
 
    hashTableSize = defaultHashTableSize;
    blockFileHash = new wxHashTable(wxKEY_STRING, hashTableSize);
@@ -360,17 +361,18 @@
    if( mLoadingTarget == NULL )
       return false;
 
+   BlockFile* pBlockFile = NULL;
+
    if( !wxStricmp(tag, "silentblockfile") ) {
       // Silent blocks don't actually have a file associated, so
       // we don't need to worry about the hash table at all
       *mLoadingTarget = SilentBlockFile::BuildFromXML(projFull, attrs);
       return true;
    }
-
-   else if ( !wxStricmp(tag, "simpleblockfile") )
-      *mLoadingTarget = SimpleBlockFile::BuildFromXML(projFull, attrs);
+   else if ( !wxStricmp(tag, "simpleblockfile") ) 
+      pBlockFile = SimpleBlockFile::BuildFromXML(projFull, attrs);
    else if( !wxStricmp(tag, "pcmaliasblockfile") )
-      *mLoadingTarget = PCMAliasBlockFile::BuildFromXML(projFull, attrs);
+      pBlockFile = PCMAliasBlockFile::BuildFromXML(projFull, attrs);
    else if( !wxStricmp(tag, "blockfile") ||
             !wxStricmp(tag, "legacyblockfile") ) {
       // Support Audacity version 1.1.1 project files
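Review bot: The `silentblockfile` branch still assigns `*mLoadingTarget` directly and returns true before reaching the new NULL/length guard in the next hunk, so a silent block whose length comes from the XML bypasses the mMaxSamples check that every other block type now gets. Because this branch intentionally skips the hash-table code that follows, the simplest fix is to apply the same guard inline rather than fall through to the shared check. DirManager::HandleXMLTag starts before this hunk and continues past the second hunk below.
```cpp
   if( !wxStricmp(tag, "silentblockfile") ) {
      // Silent blocks don't actually have a file associated, so
      // we don't need to worry about the hash table at all
      pBlockFile = SilentBlockFile::BuildFromXML(projFull, attrs);
      if ((pBlockFile == NULL) ||
            ((mMaxSamples > -1) && (pBlockFile->GetLength() > mMaxSamples))) {
         delete pBlockFile;
         return false;
      }
      *mLoadingTarget = pBlockFile;
      return true;
   }
   // … unchanged: simpleblockfile / pcmaliasblockfile / legacy branches …
```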
@@ -389,15 +391,26 @@
       }
 
       if (alias)
-         *mLoadingTarget = LegacyAliasBlockFile::BuildFromXML(projFull, attrs);
+         pBlockFile = LegacyAliasBlockFile::BuildFromXML(projFull, attrs);
       else      
-         *mLoadingTarget = LegacyBlockFile::BuildFromXML(projFull, attrs,
+         pBlockFile = LegacyBlockFile::BuildFromXML(projFull, attrs,
                                                          mLoadingBlockLen,
                                                          mLoadingFormat);
    }
    else
       return false;
 
+   if ((pBlockFile == NULL) || 
+         // Check the length here so we don't have to do it in each 
BuildFromXML method.
+         ((mMaxSamples > -1) && // is initialized
+            (pBlockFile->GetLength() > mMaxSamples)))
+   {
+      delete pBlockFile;
+      return false;
+   }
+   else 
+      *mLoadingTarget = pBlockFile;
+
    //
    // If the block we loaded is already in the hash table, then the
    // object we just loaded is a duplicate, so we delete it and
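Review bot: The new guard only bounds GetLength() from above; if a BuildFromXML parses its length attribute with a bare atoi, as Sequence.cpp does for maxsamples, a negative length passes this check and reaches the hash-table code that follows the hunk. Rejecting it costs one clause, independent of whether a maximum was set: `((pBlockFile == NULL) || (pBlockFile->GetLength() < 0) ||` / `((mMaxSamples > -1) && (pBlockFile->GetLength() > mMaxSamples)))`. As a point of style, the `else` after `return false` is redundant and the explanatory comment would read better above the `if` than inside the condition. The function continues past this hunk.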

Index: Sequence.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Sequence.cpp,v
retrieving revision 1.21.4.5.2.1
retrieving revision 1.21.4.5.2.2
diff -u -d -r1.21.4.5.2.1 -r1.21.4.5.2.2
--- Sequence.cpp        11 Dec 2006 16:26:03 -0000      1.21.4.5.2.1
+++ Sequence.cpp        12 Dec 2006 03:27:11 -0000      1.21.4.5.2.2
@@ -639,7 +639,21 @@
             break;
          
          if (!strcmp(attr, "maxsamples"))
-            mMaxSamples = atoi(value);
+         {
+            // Security fixes per NGS report for UmixIt.
+            // First, check that atoi probably won't overflow.
+            if (strlen(value) > strlen("2147483647")) // MAXINT
+               return false;
+
+            // Dominic, 12/10/2006:
+                               //    Let's check that maxsamples is >= 1024 
and <= 64 * 1024 * 1024 
+                          //    - that's a pretty wide range of reasonable 
values.
+            sampleCount testMaxSamples = atoi(value);
+            if ((testMaxSamples < 1024) || (testMaxSamples > 64 * 1024 * 1024))
+               return false;
+            mMaxSamples = testMaxSamples;
+            mDirManager->SetMaxSamples(mMaxSamples);
+         }
          else if (!strcmp(attr, "sampleformat"))
             mSampleFormat = (sampleFormat)atoi(value);
          else if (!strcmp(attr, "numsamples"))
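Review bot: The `strlen(value) > strlen("2147483647")` test does not prevent overflow: a ten-digit value such as 9999999999 passes it and still overflows atoi, whose behaviour on overflow is undefined in C, so the range check that follows relies on whatever the libc happens to return. Parsing with strtol and checking the end pointer makes the rejection explicit and drops the heuristic: `char *end = NULL; long v = strtol(value, &end, 10);` / `if (end == value || *end != '\0' || v < 1024 || v > 64 * 1024 * 1024) return false;` / `mMaxSamples = (sampleCount)v;`. The `sampleformat` and `numsamples` attributes visible in the context lines are still read with a bare atoi and would benefit from the same treatment. The mixed tab/space indentation of the dated comment should be normalized to the file's three-space style. Sequence::HandleXMLTag starts and ends outside this hunk.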

Index: Project.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Project.cpp,v
retrieving revision 1.178.2.17.2.5
retrieving revision 1.178.2.17.2.6
diff -u -d -r1.178.2.17.2.5 -r1.178.2.17.2.6
--- Project.cpp 29 Nov 2006 09:59:36 -0000      1.178.2.17.2.5
+++ Project.cpp 12 Dec 2006 03:27:11 -0000      1.178.2.17.2.6
@@ -169,13 +169,18 @@
    if (strcmp(tag, "import") ||
        attrs==NULL || (*attrs)==NULL ||
        strcmp(*attrs++, "filename")) return false;
-   wxString strPathname = *attrs;
-   if (!wxFile::Exists(FILENAME(strPathname))) {
-      strPathname = mProject->GetDirManager()->GetProjectDataDir() + 
wxFILE_SEP_PATH + strPathname;
-      if (!wxFile::Exists(FILENAME(strPathname)))
-        return false;
+   wxString strPathName = FILENAME(*attrs);
+   if (!IsGoodPathNameFromXML(strPathName)) {
+      // Maybe strPathName is just a fileName, not the full path. Try the 
project data directory.
+      wxFileName fileName(mProject->GetDirManager()->GetProjectDataDir(), 
strPathName);
+      if (IsGoodFileNameFromXML(strPathName, 
fileName.GetPath(wxPATH_GET_VOLUME))) {
+         strPathName = fileName.GetFullPath();
+      } else { 
+         wxMessageBox(_("Could not import file: ") + strPathName, _("Error"), 
wxOK | wxICON_ERROR);
+         return false;
+      }
    }
-   mProject->Import(strPathname);
+   mProject->Import(strPathName);
    return true; //v result from Import?
 }
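Review bot: In the fallback branch the directory handed to IsGoodFileNameFromXML is `fileName.GetPath(wxPATH_GET_VOLUME)`, a value derived from the wxFileName constructed with the untrusted strPathName, rather than the project data directory itself; if wxFileName's (path, name) constructor folds directory components of name into the path, which is not verified here, the input would be validated against a directory it chose. Passing the trusted directory directly removes the question: `wxString strDataDir = mProject->GetDirManager()->GetProjectDataDir();` / `if (IsGoodFileNameFromXML(strPathName, strDataDir)) {` / `strPathName = wxFileName(strDataDir, strPathName).GetFullPath();`. The first branch accepts anything that satisfies IsGoodPathNameFromXML, whose definition is not in this diff, so it cannot be judged here whether absolute paths outside the project remain importable as the pre-change code allowed. The enclosing handler starts before this hunk.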
 
@@ -1966,7 +1971,8 @@
          wxString projName = value;
          wxString projPath = wxPathOnly(mFileName);
          
-         if (!mDirManager->SetProject(projPath, projName, false)) {
+         if (!IsGoodSubdirNameFromXML(projName, projPath) || 
+               !mDirManager->SetProject(projPath, projName, false)) {
 
             wxMessageBox(wxString::Format(_("Couldn't find the project data 
folder: \"%s\""),
                                           (const char *)projName),
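Review bot: When IsGoodSubdirNameFromXML rejects projName, the user sees "Couldn't find the project data folder", which describes a SetProject failure rather than a rejected name; because the two conditions are or-ed, the dialog cannot tell a missing folder from a malformed one. Giving the validation failure its own message before the existing branch, e.g. `if (!IsGoodSubdirNameFromXML(projName, projPath))` / `wxMessageBox(_("Invalid project data folder name."), _("Error"), wxOK | wxICON_ERROR);` and then keeping the existing SetProject branch as is, would make support reports clearer. The enclosing function and the remainder of the error handling continue outside this hunk.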

