From b52d8fbebe2b0afa7fa2d7dd71c1d1761803662c Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 23 Jan 2014 00:40:39 +0100 Subject: db/upnp: strict vpath checks for the "root" directory --- src/db/UpnpDatabasePlugin.cxx | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'src/db/UpnpDatabasePlugin.cxx') diff --git a/src/db/UpnpDatabasePlugin.cxx b/src/db/UpnpDatabasePlugin.cxx index 0d6bab2a0..f18dd95d2 100644 --- a/src/db/UpnpDatabasePlugin.cxx +++ b/src/db/UpnpDatabasePlugin.cxx @@ -599,12 +599,32 @@ UpnpDatabase::VisitServer(const ContentDirectoryService &server, because the path is not valid for traversal. Besides, it's just faster to access the target node directly */ if (!vpath.empty() && vpath.front() == rootid) { + switch (vpath.size()) { + case 1: + return true; + + case 2: + break; + + default: + error.Format(db_domain, DB_NOT_FOUND, + "Not found"); + return false; + } + if (visit_song) { UPnPDirObject dirent; if (!ReadNode(server, vpath.back().c_str(), dirent, error)) return false; + if (dirent.type != UPnPDirObject::Type::ITEM || + dirent.item_class != UPnPDirObject::ItemClass::MUSIC) { + error.Format(db_domain, DB_NOT_FOUND, + "Not found"); + return false; + } + std::string path = songPath(server.getFriendlyName(), dirent.m_id); if (!visitSong(std::move(dirent), path.c_str(), -- cgit v1.2.3
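Review bot: The added `ITEM`/`MUSIC` check sits inside `if (visit_song)`, so a two-element path under `rootid` is only validated against the server when a song visitor is supplied. With `visit_song` unset, the object id in `vpath.back()` is never looked up, and what the function returns in that case is decided after the hunk, which ends inside the `visitSong` call. If the intent is that every root path names an existing music item, the `ReadNode` call and the type check would need to move ahead of the `if (visit_song)` test. The `case 1: return true;` branch reports success without visiting anything and deserves a short comment, for example `/* bare root id: no song named, nothing to visit */`. Both rejections also use the same `"Not found"` text, so a caller or log reader cannot tell a too-deep path from a wrong object type.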