vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Tue May 17 20:29:38 2016 +0300| [e1dc29e2461baa9d863245562341cb65a0205679] | committer: Rémi Denis-Courmont
input: always sanitize filenames from formatted meta-data The input item name can contain special characters. It is not too hard to imagine how this could be exploited. path_sanitize() is inadequate as it cannot differentiate special characters that are part of the trusted format string from special characters that came from expanding the input item name. Instead, filename_sanitize() must be used to eliminate all special characters. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=e1dc29e2461baa9d863245562341cb65a0205679 --- src/input/input.c | 39 +++++++------------ src/libvlc-module.c | 4 +- src/video_output/snapshot.c | 91 +++++++++++++++++++------------------------ 3 files changed, 56 insertions(+), 78 deletions(-) diff --git a/src/input/input.c b/src/input/input.c index bea3d51..75d5360 100644 --- a/src/input/input.c +++ b/src/input/input.c @@ -2889,34 +2889,21 @@ void input_UpdateStatistic( input_thread_t *p_input, /**/ /* TODO FIXME nearly the same logic that snapshot code */ -char *input_CreateFilename( input_thread_t *input, const char *psz_path, const char *psz_prefix, const char *psz_extension ) +char *input_CreateFilename(input_thread_t *input, const char *dir, + const char *filenamefmt, const char *ext) { - char *psz_file; - DIR *path; - - path = vlc_opendir( psz_path ); - if( path ) - { - closedir( path ); + char *path; + char *filename = str_format(input, filenamefmt); + if (unlikely(filename == NULL)) + return NULL; - char *psz_tmp = str_format( input, psz_prefix ); - if( !psz_tmp ) - return NULL; + filename_sanitize(filename); - filename_sanitize( psz_tmp ); + if (((ext != NULL) + ? asprintf(&path, "%s"DIR_SEP"%s.%s", dir, filename, ext) + : asprintf(&path, "%s"DIR_SEP"%s", dir, filename)) < 0) + path = NULL; - if( asprintf( &psz_file, "%s"DIR_SEP"%s%s%s", - psz_path, psz_tmp, - psz_extension ? "." : "", - psz_extension ? psz_extension : "" ) < 0 ) - psz_file = NULL; - free( psz_tmp ); - return psz_file; - } - else - { - psz_file = str_format( input, psz_path ); - path_sanitize( psz_file ); - return psz_file; - } + free(filename); + return path; } diff --git a/src/libvlc-module.c b/src/libvlc-module.c index 9cd6daf..74fc7e5 100644 --- a/src/libvlc-module.c +++ b/src/libvlc-module.c @@ -652,9 +652,9 @@ static const char *const ppsz_prefres[] = { "the form \"{name=bookmark-name,time=optional-time-offset," \ "bytes=optional-byte-offset},{...}\"") -#define INPUT_RECORD_PATH_TEXT N_("Record directory or filename") +#define INPUT_RECORD_PATH_TEXT N_("Record directory") #define INPUT_RECORD_PATH_LONGTEXT N_( \ - "Directory or filename where the records will be stored" ) + "Directory where the records will be stored" ) #define INPUT_RECORD_NATIVE_TEXT N_("Prefer native stream recording") #define INPUT_RECORD_NATIVE_LONGTEXT N_( \ diff --git a/src/video_output/snapshot.c b/src/video_output/snapshot.c index a37cdf1..87b05db 100644 --- a/src/video_output/snapshot.c +++ b/src/video_output/snapshot.c @@ -145,62 +145,53 @@ int vout_snapshot_SaveImage(char **name, int *sequential, { /* */ char *filename; - DIR *pathdir = vlc_opendir(cfg->path); input_thread_t *input = (input_thread_t*)p_vout->p->input; - if (pathdir != NULL) { - /* The use specified a directory path */ - closedir(pathdir); - - /* */ - char *prefix = NULL; - if (cfg->prefix_fmt) - prefix = str_format(input, cfg->prefix_fmt); - if (prefix) - filename_sanitize(prefix); - else { - prefix = strdup("vlcsnap-"); - if (!prefix) - goto error; - } - if (cfg->is_sequential) { - for (int num = cfg->sequence; ; num++) { - struct stat st; - - if (asprintf(&filename, "%s" DIR_SEP "%s%05d.%s", - cfg->path, prefix, num, cfg->format) < 0) { - free(prefix); - goto error; - } - if (vlc_stat(filename, &st)) { - *sequential = num; - break; - } - free(filename); + /* */ + char *prefix = NULL; + if (cfg->prefix_fmt) + prefix = str_format(input, cfg->prefix_fmt); + if (prefix) + filename_sanitize(prefix); + else { + prefix = strdup("vlcsnap-"); + if (prefix == NULL) + goto error; + } + + if (cfg->is_sequential) { + for (int num = cfg->sequence; ; num++) { + struct stat st; + + if (asprintf(&filename, "%s" DIR_SEP "%s%05d.%s", + cfg->path, prefix, num, cfg->format) < 0) { + free(prefix); + goto error; + } + if (vlc_stat(filename, &st)) { + *sequential = num; + break; } - } else { - struct timespec ts; - struct tm curtime; - char buffer[128]; - - timespec_get(&ts, TIME_UTC); - if (localtime_r(&ts.tv_sec, &curtime) == NULL) - gmtime_r(&ts.tv_sec, &curtime); - if (strftime(buffer, sizeof(buffer), "%Y-%m-%d-%Hh%Mm%Ss", - &curtime) == 0) - strcpy(buffer, "error"); - - if (asprintf(&filename, "%s" DIR_SEP "%s%s%03lu.%s", - cfg->path, prefix, buffer, ts.tv_nsec / 1000000, - cfg->format) < 0) - filename = NULL; + free(filename); } - free(prefix); } else { - /* The user specified a full path name (including file name) */ - filename = str_format(input, cfg->path); - path_sanitize(filename); + struct timespec ts; + struct tm curtime; + char buffer[128]; + + timespec_get(&ts, TIME_UTC); + if (localtime_r(&ts.tv_sec, &curtime) == NULL) + gmtime_r(&ts.tv_sec, &curtime); + if (strftime(buffer, sizeof(buffer), "%Y-%m-%d-%Hh%Mm%Ss", + &curtime) == 0) + strcpy(buffer, "error"); + + if (asprintf(&filename, "%s" DIR_SEP "%s%s%03lu.%s", + cfg->path, prefix, buffer, ts.tv_nsec / 1000000, + cfg->format) < 0) + filename = NULL; } + free(prefix); if (!filename) goto error; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
