From 702739b879e1515fad571df0590be3e3f1e22cae Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 9 Oct 2008 15:35:34 +0200 Subject: directory: check the absolute path of a subdirectory while loading A manipulated database could trigger an assertion failure, because the parent didn't match. Do a proper check if the new directory is within the parent's. This uses FATAL() to bail out, so MPD still dies, but it doesn't crash. --- src/directory_save.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/directory_save.c') diff --git a/src/directory_save.c b/src/directory_save.c index 36b0c1a0..00cf5f8e 100644 --- a/src/directory_save.c +++ b/src/directory_save.c @@ -84,6 +84,10 @@ directory_load(FILE *fp, struct directory *directory) if (prefixcmp(buffer, DIRECTORY_BEGIN)) FATAL("Error reading db at line: %s\n", buffer); name = &(buffer[strlen(DIRECTORY_BEGIN)]); + if (prefixcmp(name, directory->path) != 0) + FATAL("Wrong path in database: '%s' in '%s'\n", + name, directory->path); + if ((subdir = db_get_directory(name))) { assert(subdir->parent == directory); } else { -- cgit v1.2.3