Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
M
mpd
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Иван Мажукин
mpd
Commits
1417578b
Commit
1417578b
authored
1 year ago
by
Max Kellermann
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
db/update/Archive: validate directory names
Fixes assertion failure if the ZIP file contains a path that begins with a slash. Closes
https://github.com/MusicPlayerDaemon/MPD/issues/1793
parent
96befa13
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
5 additions
and
0 deletions
+5
-0
NEWS
NEWS
+2
-0
Archive.cxx
src/db/update/Archive.cxx
+3
-0
No files found.
NEWS
View file @
1417578b
ver 0.23.13 (not yet released)
* input
- curl: fix busy loop after connection failed
* archive
- zzip: fix crash bug
* decoder
- gme: require GME 0.6 or later
* output
...
...
This diff is collapsed.
Click to expand it.
src/db/update/Archive.cxx
View file @
1417578b
...
...
@@ -67,6 +67,9 @@ UpdateWalk::UpdateArchiveTree(ArchiveFile &archive, Directory &directory,
const
char
*
tmp
=
std
::
strchr
(
name
,
'/'
);
if
(
tmp
)
{
const
std
::
string_view
child_name
(
name
,
tmp
-
name
);
if
(
!
IsAcceptableFilename
(
child_name
))
return
;
//add dir is not there already
Directory
*
subdir
=
LockMakeChild
(
directory
,
child_name
);
subdir
->
device
=
DEVICE_INARCHIVE
;
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment