summaryrefslogtreecommitdiffstats
path: root/audio/yamt
diff options
context:
space:
mode:
authordemon <demon@FreeBSD.org>2005-01-25 10:06:05 +0000
committerdemon <demon@FreeBSD.org>2005-01-25 10:06:05 +0000
commit98df1071e48c51921542ddca34d1ddb35b6c6a11 (patch)
tree8eea56dcc0cc129ba758db6cd363e65700197ead /audio/yamt
parent91682e8d7befdb6553d6e8eeb90d3fcf302c675e (diff)
downloadFreeBSD-ports-98df1071e48c51921542ddca34d1ddb35b6c6a11.zip
FreeBSD-ports-98df1071e48c51921542ddca34d1ddb35b6c6a11.tar.gz
Plug security hole.
Submitted by: simon
Diffstat (limited to 'audio/yamt')
-rw-r--r--audio/yamt/Makefile2
-rw-r--r--audio/yamt/files/patch-yamt-directory-traversal123
2 files changed, 124 insertions, 1 deletions
diff --git a/audio/yamt/Makefile b/audio/yamt/Makefile
index ed97386..51d9588 100644
--- a/audio/yamt/Makefile
+++ b/audio/yamt/Makefile
@@ -7,7 +7,7 @@
PORTNAME= yamt
PORTVERSION= 0.5
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= audio gnome
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \
ftp://ftp.gpad.ac.ru/pub/FreeBSD/distfiles/
diff --git a/audio/yamt/files/patch-yamt-directory-traversal b/audio/yamt/files/patch-yamt-directory-traversal
new file mode 100644
index 0000000..99ec831
--- /dev/null
+++ b/audio/yamt/files/patch-yamt-directory-traversal
@@ -0,0 +1,123 @@
+--- src/id3tag.c
++++ src/id3tag.c
+@@ -389,12 +389,20 @@
+ return(1);
+ }
+
++static void id3tag_sanitize (char *string)
++{
++ while ((string = strchr (string, '/')))
++ {
++ *string = '_';
++ }
++}
++
+ /* This function renames a file based on its tag in the given format */
+ int id3tag_rename( char *filename, char *format )
+ {
+ struct id3tag tag;
+ struct stat stbuf;
+- char target_filename[80]="";
++ char target_filename[PATH_MAX]="";
+ char buffer[10]="";
+ char *tmp;
+ int i;
+@@ -425,36 +433,42 @@
+ {
+ case 't':
+ strcat( target_filename, tag.title);
++ id3tag_sanitize (target_filename+i2);
+ i2=i2+strlen(tag.title);
+ i++;
+ break;
+
+ case 'a':
+ strcat( target_filename, tag.artist);
++ id3tag_sanitize (target_filename+i2);
+ i2=i2+strlen(tag.artist);
+ i++;
+ break;
+
+ case 'b':
+ strcat( target_filename, tag.album);
++ id3tag_sanitize (target_filename+i2);
+ i2=i2+strlen(tag.album);
+ i++;
+ break;
+
+ case 'c':
+ strcat( target_filename, tag.comment);
++ id3tag_sanitize (target_filename+i2);
+ i2=i2+strlen(tag.comment);
+ i++;
+ break;
+
+ case 'y':
+ strcat( target_filename, tag.year);
++ id3tag_sanitize (target_filename+i2);
+ i2=i2+strlen(tag.year);
+ i++;
+ break;
+
+ case 'g':
+ strcat( target_filename, id3tag_get_genre(tag.genre));
++ id3tag_sanitize (target_filename+i2);
+ i2=i2+strlen(id3tag_get_genre(tag.genre));
+ i++;
+ break;
+@@ -521,9 +535,9 @@
+ int id3tag_sort( char *filename, char *rootdir, char *format_level1, char *format_level2 )
+ {
+ struct id3tag tag;
+- char *dir_level1=NULL;
+- char *dir_level2=NULL;
+- char target_filename[80];
++ char *dir_level1=NULL, *dir_level1_sanitized;
++ char *dir_level2=NULL, *dir_level2_sanitized;
++ char source_filename[PATH_MAX], target_filename[PATH_MAX];
+ char dir_cur[80];
+
+
+@@ -554,8 +568,10 @@
+ chdir(rootdir);
+ if( dir_level1[0] == '\0' )
+ dir_level1 = "Unknown";
+- yamtlog("%s %s", "New directory: ", dir_level1);
+- mkdir( dir_level1, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH );
++ dir_level1_sanitized = strdup (dir_level1);
++ id3tag_sanitize (dir_level1_sanitized);
++ yamtlog("%s %s", "New directory: ", dir_level1_sanitized);
++ mkdir( dir_level1_sanitized, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH );
+
+ /* Level 2 */
+ if( strcmp( format_level2, "Album") == 0 )
+@@ -573,18 +589,24 @@
+
+ if( dir_level2[0] == '\0' )
+ dir_level2 = "Unknown";
+- yamtlog("%s %s", "New directory: ", dir_level2);
++ dir_level2_sanitized = strdup (dir_level2);
++ id3tag_sanitize (dir_level2_sanitized);
++ yamtlog("%s %s", "New directory: ", dir_level2_sanitized);
+
+ /* Go into the previously created directory */
+- chdir( dir_level1 );
+- mkdir( dir_level2, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH );
++ chdir( dir_level1_sanitized );
++ mkdir( dir_level2_sanitized, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH );
+ /* Move the file into the new (?) directory */
+
+- sprintf( target_filename, "mv \"%s/%s\" \"%s%s/%s/%s\"", dir_cur, filename, rootdir, dir_level1, dir_level2, filename );
++ snprintf( source_filename, PATH_MAX, "%s/%s", dir_cur, filename );
++ snprintf( target_filename, PATH_MAX, "%s%s/%s/%s", rootdir, dir_level1_sanitized, dir_level2_sanitized, filename );
++
++ free (dir_level1_sanitized);
++ free (dir_level2_sanitized);
+
+ yamtlog("%s %s", "Sorted ", filename );
+
+- system( target_filename );
++ rename( source_filename, target_filename );
+
+ /* if( (rename( filename, target_filename )) ) */
+ /* { */
OpenPOWER on IntegriCloud