authorMax Kellermann <max@duempel.org>2014-01-23 00:40:39 +0100
committerMax Kellermann <max@duempel.org>2014-01-23 00:40:39 +0100
commitb52d8fbebe2b0afa7fa2d7dd71c1d1761803662c (patch)
tree23c8257a1f600f75f8f859aa10aa699584acc172 /src
parentb61a2c722cc0bd2e574984f98490b36353759b3b (diff)
db/upnp: strict vpath checks for the "root" directory
Diffstat (limited to 'src')
-rw-r--r--src/db/UpnpDatabasePlugin.cxx20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/db/UpnpDatabasePlugin.cxx b/src/db/UpnpDatabasePlugin.cxx
index 0d6bab2a0..f18dd95d2 100644
--- a/src/db/UpnpDatabasePlugin.cxx
+++ b/src/db/UpnpDatabasePlugin.cxx
@@ -599,12 +599,32 @@ UpnpDatabase::VisitServer(const ContentDirectoryService &server,
because the path is not valid for traversal. Besides, it's
just faster to access the target node directly */
if (!vpath.empty() && vpath.front() == rootid) {
+ switch (vpath.size()) {
+ case 1:
+ return true;
+
+ case 2:
+ break;
+
+ default:
+ error.Format(db_domain, DB_NOT_FOUND,
+ "Not found");
+ return false;
+ }
+
if (visit_song) {
UPnPDirObject dirent;
if (!ReadNode(server, vpath.back().c_str(), dirent,
error))
return false;
+ if (dirent.type != UPnPDirObject::Type::ITEM ||
+ dirent.item_class != UPnPDirObject::ItemClass::MUSIC) {
+ error.Format(db_domain, DB_NOT_FOUND,
+ "Not found");
+ return false;
+ }
+
std::string path = songPath(server.getFriendlyName(),
dirent.m_id);
if (!visitSong(std::move(dirent), path.c_str(),