MyFavMirrors/owntone-server
1
0
Fork 0
mirror of https://github.com/owntone/owntone-server.git synced 2025-01-30 07:56:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

[pipe] Harden pict_tmpfile_recreate() against invalid input

Browse Source
This commit is contained in:
ejurgensen 2019-09-22 20:27:47 +02:00
parent 56d3f42598
commit d2921e9444
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/inputs/pipe.c
View File

@ -318,12 +318,19 @@ static int
pict_tmpfile_recreate(struct pipe_metadata *pm, const char *ext) pict_tmpfile_recreate(struct pipe_metadata *pm, const char *ext)
{ {
int offset = strlen(PIPE_TMPFILE_TEMPLATE) - PIPE_TMPFILE_TEMPLATE_EXTLEN; int offset = strlen(PIPE_TMPFILE_TEMPLATE) - PIPE_TMPFILE_TEMPLATE_EXTLEN;
int len = strlen(ext);
if (len > PIPE_TMPFILE_TEMPLATE_EXTLEN)
{
DPRINTF(E_LOG, L_PLAYER, "Invalid extension provided to pict_tmpfile_recreate (len=%d): '%s'\n", len, ext);
return -1;
}
pict_tmpfile_close(pm); pict_tmpfile_close(pm);
strcpy(pm->pict_tmpfile_path, PIPE_TMPFILE_TEMPLATE); strcpy(pm->pict_tmpfile_path, PIPE_TMPFILE_TEMPLATE);
// Use memcpy instead of strncpy because gcc 8 gives false warnings otherwise // Use memcpy instead of strncpy because gcc 8 gives false warnings otherwise
memcpy(pm->pict_tmpfile_path + offset, ext, PIPE_TMPFILE_TEMPLATE_EXTLEN); memcpy(pm->pict_tmpfile_path + offset, ext, len);
pm->pict_tmpfile_fd = mkstemps(pm->pict_tmpfile_path, PIPE_TMPFILE_TEMPLATE_EXTLEN); pm->pict_tmpfile_fd = mkstemps(pm->pict_tmpfile_path, PIPE_TMPFILE_TEMPLATE_EXTLEN);