mirror of
https://github.com/mpv-player/mpv
synced 2024-12-23 07:12:39 +00:00
player: don't let multiline filenames set options on resume
If --write-filename-in-watch-later-config is used, and the filename contains newline characters (as generally allowed on Unix), then the newline will be written to the resume file literally, and the parts after the newline character are interpreted as options. This is possibly security relevant. Change newline characters (and in fact any other special characters) to '_'. Reported as #1099 (this commit is a reimplementation of the proposed pull request). CC: @mpv-player/stable
This commit is contained in:
parent
caaeb15318
commit
d83a9f7f03
@ -287,8 +287,7 @@ void mp_write_watch_later_conf(struct MPContext *mpctx)
|
||||
|
||||
mp_mk_config_dir(mpctx->global, MP_WATCH_LATER_CONF);
|
||||
|
||||
conffile = mp_get_playback_resume_config_filename(mpctx->global,
|
||||
mpctx->filename);
|
||||
conffile = mp_get_playback_resume_config_filename(mpctx->global, filename);
|
||||
if (!conffile)
|
||||
goto exit;
|
||||
|
||||
@ -297,8 +296,12 @@ void mp_write_watch_later_conf(struct MPContext *mpctx)
|
||||
FILE *file = fopen(conffile, "wb");
|
||||
if (!file)
|
||||
goto exit;
|
||||
if (mpctx->opts->write_filename_in_watch_later_config)
|
||||
fprintf(file, "# %s\n", mpctx->filename);
|
||||
if (mpctx->opts->write_filename_in_watch_later_config) {
|
||||
char write_name[1024] = {0};
|
||||
for (int n = 0; filename[n] && n < sizeof(write_name) - 1; n++)
|
||||
write_name[n] = (unsigned char)filename[n] < 32 ? '_' : filename[n];
|
||||
fprintf(file, "# %s\n", write_name);
|
||||
}
|
||||
fprintf(file, "start=%f\n", pos);
|
||||
for (int i = 0; backup_properties[i]; i++) {
|
||||
const char *pname = backup_properties[i];
|
||||
|
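Review bot: The sanitising loop in the second hunk has no comment saying why control bytes are replaced, although it is the only thing keeping the `# %s` line a single comment line in a file that, per the commit message, is read back as options on resume. I would add above the loop `// Resume files are parsed line by line as options: replace control bytes so the name stays on one comment line.` The copy also stops silently at 1023 bytes, which is harmless for a comment line but worth stating in that same comment. As a minor style point, `n` is an `int` compared against `sizeof(write_name) - 1`, a signed/unsigned comparison that `for (size_t n = 0; filename[n] && n < sizeof(write_name) - 1; n++)` avoids. The function starts and ends outside both hunks, so where `filename` is assigned and whether it is NULL-checked before the first hunk's call cannot be seen here.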