command: "update" checks if the path is malformed

This is a very basic check, which only ensures that the path does not begin with a slash, doesn't have double slashes and the special names "." and ".." are forbidden.

command: "update" checks if the path is malformed
a3645984 · Max Kellermann · 43cf4e97 · a3645984 · a3645984
Commit a3645984 authored Feb 27, 2010 by Max Kellermann
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 2 deletions

NEWS NEWS +1 -0

command.c src/command.c +16 -2

No files found.
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ ver 0.16 (20??/??/??)
  - "load" supports remote playlists (extm3u, pls, asx, xspf, lastfm://)
  - allow changing replay gain mode on-the-fly
  - omitting the range end is possible
+  - "update" checks if the path is malformed
 * archive:
  - iso: renamed plugin to "iso9660"
  - zip: renamed plugin to "zzip"

--- a/src/command.c
+++ b/src/command.c
@@ -1055,9 +1055,16 @@ handle_update(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
 	unsigned ret;

 	assert(argc <= 2);
-	if (argc == 2)
+	if (argc == 2) {
 		path = argv[1];

+		if (!uri_safe_local(path)) {
+			command_error(client, ACK_ERROR_ARG,
+				      "Malformed path");
+			return COMMAND_RETURN_ERROR;
+		}
+	}
+
 	ret = update_enqueue(path, false);
 	if (ret > 0) {
 		client_printf(client, "updating_db: %i\n", ret);
@@ -1076,9 +1083,16 @@ handle_rescan(struct client *client, G_GNUC_UNUSED int argc, char *argv[])
 	unsigned ret;

 	assert(argc <= 2);
-	if (argc == 2)
+	if (argc == 2) {
 		path = argv[1];

+		if (!uri_safe_local(path)) {
+			command_error(client, ACK_ERROR_ARG,
+				      "Malformed path");
+			return COMMAND_RETURN_ERROR;
+		}
+	}
+
 	ret = update_enqueue(path, true);
 	if (ret > 0) {
 		client_printf(client, "updating_db: %i\n", ret);