Sanity check archivers that should only have low-ASCII filename.

icculus · Aug 14, 2017 · 88e7f3e · 88e7f3e
1 parent 9c9325c
commit 88e7f3e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/src/physfs_archiver_iso9660.c b/src/physfs_archiver_iso9660.c
@@ -54,6 +54,7 @@ static int iso9660AddEntry(PHYSFS_Io *io, const int joliet, const int isdir,
     size_t baselen;
     size_t fullpathlen;
     void *entry;
+    int i;
 
     if (fnamelen == 1 && ((fname[0] == 0) || (fname[0] == 1)))
         return 1;  /* Magic that represents "." and "..", ignore */
@@ -80,18 +81,24 @@ static int iso9660AddEntry(PHYSFS_Io *io, const int joliet, const int isdir,
     {
         PHYSFS_uint16 *ucs2 = (PHYSFS_uint16 *) fname;
         int total = fnamelen / 2;
-        int i;
         for (i = 0; i < total; i++)
             ucs2[i] = PHYSFS_swapUBE16(ucs2[i]);
         ucs2[total] = '\0';
         PHYSFS_utf8FromUcs2(ucs2, fnamecpy, fullpathlen);
     } /* if */
     else
     {
-        /* !!! FIXME-3.0: we assume the filenames are low-ASCII; if they use
-           any high-ASCII chars, they will be invalid UTF-8. */
-        memcpy(fnamecpy, fname, fnamelen);
+        for (i = 0; i < fnamelen; i++)
+        {
+            /* We assume the filenames are low-ASCII; consider the archive
+               corrupt if we see something above 127, since we don't know the
+               encoding. (We can change this later if we find out these exist
+               and are intended to be, say, latin-1 or UTF-8 encoding). */
+            BAIL_IF(fname[i] > 127, PHYSFS_ERR_CORRUPT, 0);
+            fnamecpy[i] = fname[i];
+        } /* for */
         fnamecpy[fnamelen] = '\0';
+
         if (!isdir)
         {
             /* find last SEPARATOR2 */

diff --git a/src/physfs_archiver_vdf.c b/src/physfs_archiver_vdf.c
@@ -70,6 +70,12 @@ static int vdfLoadEntries(PHYSFS_Io *io, const PHYSFS_uint32 count,
         name[VDF_ENTRY_NAME_LENGTH] = '\0';  /* always null-terminated. */
         for (namei = VDF_ENTRY_NAME_LENGTH - 1; namei >= 0; namei--)
         {
+            /* We assume the filenames are low-ASCII; consider the archive
+               corrupt if we see something above 127, since we don't know the
+               encoding. (We can change this later if we find out these exist
+               and are intended to be, say, latin-1 or UTF-8 encoding). */
+            BAIL_IF(((PHYSFS_uint8) name[namei]) > 127, PHYSFS_ERR_CORRUPT, 0);
+
             if (name[namei] == ' ')
                 name[namei] = '\0';
             else
@@ -78,9 +84,6 @@ static int vdfLoadEntries(PHYSFS_Io *io, const PHYSFS_uint32 count,
 
         BAIL_IF(!name[0], PHYSFS_ERR_CORRUPT, 0);
 
-        /* !!! FIXME-3.0: we assume the filenames are low-ASCII; if they use
-           any high-ASCII chars, they will be invalid UTF-8. */
-
         BAIL_IF_ERRPASS(!UNPK_addEntry(arc, name, 0, ts, ts, jump, size), 0);
     } /* for */