Sanity check archivers that should only have low-ASCII filename.
authorRyan C. Gordon <icculus@icculus.org>
Mon, 14 Aug 2017 01:29:45 -0400
changeset 1569 2d7183f702ed
parent 1568 9e0c6ceefd41
child 1570 3bd8afc43ee3
Sanity check archivers that should only have low-ASCII filename.
src/physfs_archiver_iso9660.c
src/physfs_archiver_vdf.c
--- a/src/physfs_archiver_iso9660.c	Mon Aug 14 01:28:30 2017 -0400
+++ b/src/physfs_archiver_iso9660.c	Mon Aug 14 01:29:45 2017 -0400
@@ -54,6 +54,7 @@
     size_t baselen;
     size_t fullpathlen;
     void *entry;
+    int i;
 
     if (fnamelen == 1 && ((fname[0] == 0) || (fname[0] == 1)))
         return 1;  /* Magic that represents "." and "..", ignore */
@@ -80,7 +81,6 @@
     {
         PHYSFS_uint16 *ucs2 = (PHYSFS_uint16 *) fname;
         int total = fnamelen / 2;
-        int i;
         for (i = 0; i < total; i++)
             ucs2[i] = PHYSFS_swapUBE16(ucs2[i]);
         ucs2[total] = '\0';
@@ -88,10 +88,17 @@
     } /* if */
     else
     {
-        /* !!! FIXME-3.0: we assume the filenames are low-ASCII; if they use
-           any high-ASCII chars, they will be invalid UTF-8. */
-        memcpy(fnamecpy, fname, fnamelen);
+        for (i = 0; i < fnamelen; i++)
+        {
+            /* We assume the filenames are low-ASCII; consider the archive
+               corrupt if we see something above 127, since we don't know the
+               encoding. (We can change this later if we find out these exist
+               and are intended to be, say, latin-1 or UTF-8 encoding). */
+            BAIL_IF(fname[i] > 127, PHYSFS_ERR_CORRUPT, 0);
+            fnamecpy[i] = fname[i];
+        } /* for */
         fnamecpy[fnamelen] = '\0';
+
         if (!isdir)
         {
             /* find last SEPARATOR2 */
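Review bot: The range test `BAIL_IF(fname[i] > 127, ...)` in the new copy loop has no unsigned cast, unlike the matching check this commit adds to physfs_archiver_vdf.c. The declaration of `fname` is outside the hunk; if it is a plain `char *` on a platform where `char` is signed, bytes 0x80-0xFF compare as negative and the check never fires, so non-ASCII names would still be copied into `fnamecpy`. Writing it as `BAIL_IF(((PHYSFS_uint8) fname[i]) > 127, PHYSFS_ERR_CORRUPT, 0);` makes the check independent of the pointer type. It is also worth confirming that `fnamecpy` needs no release before this early return, since its allocation is not visible here.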
--- a/src/physfs_archiver_vdf.c	Mon Aug 14 01:28:30 2017 -0400
+++ b/src/physfs_archiver_vdf.c	Mon Aug 14 01:29:45 2017 -0400
@@ -70,6 +70,12 @@
         name[VDF_ENTRY_NAME_LENGTH] = '\0';  /* always null-terminated. */
         for (namei = VDF_ENTRY_NAME_LENGTH - 1; namei >= 0; namei--)
         {
+            /* We assume the filenames are low-ASCII; consider the archive
+               corrupt if we see something above 127, since we don't know the
+               encoding. (We can change this later if we find out these exist
+               and are intended to be, say, latin-1 or UTF-8 encoding). */
+            BAIL_IF(((PHYSFS_uint8) name[namei]) > 127, PHYSFS_ERR_CORRUPT, 0);
+
             if (name[namei] == ' ')
                 name[namei] = '\0';
             else
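Review bot: The high-byte check sits inside the trailing-space trim loop, which walks backwards from the end of the name, so it only validates the bytes that loop visits. The `else` branch is cut off by the hunk; if it leaves the loop at the first non-space character, as a trim loop normally would, every byte before that character reaches `UNPK_addEntry` unvalidated. A separate pass over the whole field before trimming would cover it: `for (namei = 0; namei < VDF_ENTRY_NAME_LENGTH; namei++) BAIL_IF(((PHYSFS_uint8) name[namei]) > 127, PHYSFS_ERR_CORRUPT, 0);`.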
@@ -78,9 +84,6 @@
 
         BAIL_IF(!name[0], PHYSFS_ERR_CORRUPT, 0);
 
-        /* !!! FIXME-3.0: we assume the filenames are low-ASCII; if they use
-           any high-ASCII chars, they will be invalid UTF-8. */
-
         BAIL_IF_ERRPASS(!UNPK_addEntry(arc, name, 0, ts, ts, jump, size), 0);
     } /* for */