1
0
mirror of https://github.com/mpv-player/mpv synced 2024-12-23 07:12:39 +00:00

player: don't let multiline filenames set options on resume

If --write-filename-in-watch-later-config is used, and the filename
contains newline characters (as generally allowed on Unix), then the
newline will be written to the resume file literally, and the parts
after the newline character are interpreted as options.

This is possibly security relevant.

Change newline characters (and in fact any other special characters)
to '_'.

Reported as #1099 (this commit is a reimplementation of the proposed
pull request).

CC: @mpv-player/stable
This commit is contained in:
wm4 2014-09-16 18:23:01 +02:00
parent caaeb15318
commit d83a9f7f03

View File

@ -287,8 +287,7 @@ void mp_write_watch_later_conf(struct MPContext *mpctx)
mp_mk_config_dir(mpctx->global, MP_WATCH_LATER_CONF);
conffile = mp_get_playback_resume_config_filename(mpctx->global,
mpctx->filename);
conffile = mp_get_playback_resume_config_filename(mpctx->global, filename);
if (!conffile)
goto exit;
@ -297,8 +296,12 @@ void mp_write_watch_later_conf(struct MPContext *mpctx)
FILE *file = fopen(conffile, "wb");
if (!file)
goto exit;
if (mpctx->opts->write_filename_in_watch_later_config)
fprintf(file, "# %s\n", mpctx->filename);
if (mpctx->opts->write_filename_in_watch_later_config) {
char write_name[1024] = {0};
for (int n = 0; filename[n] && n < sizeof(write_name) - 1; n++)
write_name[n] = (unsigned char)filename[n] < 32 ? '_' : filename[n];
fprintf(file, "# %s\n", write_name);
}
fprintf(file, "start=%f\n", pos);
for (int i = 0; backup_properties[i]; i++) {
const char *pname = backup_properties[i];