Sanity check archivers that should only have low-ASCII filename.

2017-08-14 01:29:45 -04:00 · 2017-08-14 01:29:45 -04:00 · 88e7f3eb0f
parent 9c9325c2c5
commit 88e7f3eb0f
2 changed files with 17 additions and 7 deletions
--- a/src/physfs_archiver_iso9660.c
+++ b/src/physfs_archiver_iso9660.c
@ -54,6 +54,7 @@ static int iso9660AddEntry(PHYSFS_Io *io, const int joliet, const int isdir,
    size_t baselen;
    size_t fullpathlen;
    void *entry;
+    int i;

    if (fnamelen == 1 && ((fname[0] == 0) || (fname[0] == 1)))
        return 1;  /* Magic that represents "." and "..", ignore */
@ -80,7 +81,6 @@ static int iso9660AddEntry(PHYSFS_Io *io, const int joliet, const int isdir,
    {
        PHYSFS_uint16 *ucs2 = (PHYSFS_uint16 *) fname;
        int total = fnamelen / 2;
-        int i;
        for (i = 0; i < total; i++)
            ucs2[i] = PHYSFS_swapUBE16(ucs2[i]);
        ucs2[total] = '\0';
@ -88,10 +88,17 @@ static int iso9660AddEntry(PHYSFS_Io *io, const int joliet, const int isdir,
    } /* if */
    else
    {
-        /* !!! FIXME-3.0: we assume the filenames are low-ASCII; if they use
-           any high-ASCII chars, they will be invalid UTF-8. */
-        memcpy(fnamecpy, fname, fnamelen);
+        for (i = 0; i < fnamelen; i++)
+        {
+            /* We assume the filenames are low-ASCII; consider the archive
+               corrupt if we see something above 127, since we don't know the
+               encoding. (We can change this later if we find out these exist
+               and are intended to be, say, latin-1 or UTF-8 encoding). */
+            BAIL_IF(fname[i] > 127, PHYSFS_ERR_CORRUPT, 0);
+            fnamecpy[i] = fname[i];
+        } /* for */
        fnamecpy[fnamelen] = '\0';
+
        if (!isdir)
        {
            /* find last SEPARATOR2 */
--- a/src/physfs_archiver_vdf.c
+++ b/src/physfs_archiver_vdf.c
@ -70,6 +70,12 @@ static int vdfLoadEntries(PHYSFS_Io *io, const PHYSFS_uint32 count,
        name[VDF_ENTRY_NAME_LENGTH] = '\0';  /* always null-terminated. */
        for (namei = VDF_ENTRY_NAME_LENGTH - 1; namei >= 0; namei--)
        {
+            /* We assume the filenames are low-ASCII; consider the archive
+               corrupt if we see something above 127, since we don't know the
+               encoding. (We can change this later if we find out these exist
+               and are intended to be, say, latin-1 or UTF-8 encoding). */
+            BAIL_IF(((PHYSFS_uint8) name[namei]) > 127, PHYSFS_ERR_CORRUPT, 0);
+
            if (name[namei] == ' ')
                name[namei] = '\0';
            else
@ -78,9 +84,6 @@ static int vdfLoadEntries(PHYSFS_Io *io, const PHYSFS_uint32 count,

        BAIL_IF(!name[0], PHYSFS_ERR_CORRUPT, 0);

-        /* !!! FIXME-3.0: we assume the filenames are low-ASCII; if they use
-           any high-ASCII chars, they will be invalid UTF-8. */
-
        BAIL_IF_ERRPASS(!UNPK_addEntry(arc, name, 0, ts, ts, jump, size), 0);
    } /* for */