[MPlayer-dev-eng] [PATCH] loader/win32.c cleanup of CreateFile should fix vp6vfw 2nd pass encoding on linux
Gianluigi Tiesi
mplayer at netfarm.it
Mon Sep 17 03:12:55 CEST 2007
revised a bit, dest[MAX_PATH] = 0; should go after strncat
or it will be pointless,
strlen on filename is pointless too
I've added a directory traversal check, if the string
has .. then it return -1
the check is made on dest array beacause it's safe
while lpFileName could not be NULL terminated
Regards
--
Gianluigi Tiesi <sherpya at netfarm.it>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
-------------- next part --------------
Index: loader/win32.c
===================================================================
--- loader/win32.c (revision 24551)
+++ loader/win32.c (working copy)
@@ -3486,102 +3486,63 @@
// They try to open APmpeg4v1.apl with it.
// DLL will close opened file with CloseHandle().
//
-static HANDLE WINAPI expCreateFileA(LPCSTR cs1,DWORD i1,DWORD i2,
- LPSECURITY_ATTRIBUTES p1, DWORD i3,DWORD i4,HANDLE i5)
+// refer to http://msdn2.microsoft.com/en-us/library/aa363858.aspx
+// for CreateFile flags
+static HANDLE WINAPI expCreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess,
+ DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,
+ DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
+ HANDLE hTemplateFile)
{
- dbgprintf("CreateFileA(0x%x='%s', %d, %d, 0x%x, %d, %d, 0x%x)\n", cs1, cs1, i1,
- i2, p1, i3, i4, i5);
- if((!cs1) || (strlen(cs1)<2))return -1;
+ char dest[MAX_PATH + 1] = "/tmp/";
+ char *p = dest + 5;
+ int flags = 0;
-#ifdef QTX
- if(strstr(cs1, "QuickTime.qts"))
- {
- int result;
- char* tmp=malloc(strlen(def_path)+50);
- strcpy(tmp, def_path);
- strcat(tmp, "/");
- strcat(tmp, "QuickTime.qts");
- result=open(tmp, O_RDONLY);
- free(tmp);
- return result;
- }
- if(strstr(cs1, ".qtx"))
- {
- int result;
- char* tmp=malloc(strlen(def_path)+250);
- char* x=strrchr(cs1,'\\');
- sprintf(tmp,"%s/%s",def_path,x?(x+1):cs1);
-// printf("### Open: %s -> %s\n",cs1,tmp);
- result=open(tmp, O_RDONLY);
- free(tmp);
- return result;
- }
-#endif
+ dbgprintf("CreateFileA() - Filename %s - dwDesiredAccess 0x%08x - dwCreationDisposition 0x%08x\n",
+ lpFileName, dwDesiredAccess, dwCreationDisposition);
- if(strncmp(cs1, "AP", 2) == 0)
- {
- int result;
- char* tmp=malloc(strlen(def_path)+50);
- strcpy(tmp, def_path);
- strcat(tmp, "/");
- strcat(tmp, "APmpg4v1.apl");
- result=open(tmp, O_RDONLY);
- free(tmp);
- return result;
- }
- if (strstr(cs1, "vp3"))
- {
- int r;
- int flg = 0;
- char* tmp=malloc(20 + strlen(cs1));
- strcpy(tmp, "/tmp/");
- strcat(tmp, cs1);
- r = 4;
- while (tmp[r])
- {
- if (tmp[r] == ':' || tmp[r] == '\\')
- tmp[r] = '_';
- r++;
- }
- if (GENERIC_READ & i1)
- flg |= O_RDONLY;
- else if (GENERIC_WRITE & i1)
- {
- flg |= O_WRONLY;
- printf("Warning: openning filename %s %d (flags; 0x%x) for write\n", tmp, r, flg);
- }
- r=open(tmp, flg);
- free(tmp);
- return r;
- }
+ if (!lpFileName) return -1; /* lpFileName is NULL */
- // Needed by wnvplay1.dll
- if (strstr(cs1, "WINNOV.bmp"))
+ strncat(dest, lpFileName, MAX_PATH);
+ dest[MAX_PATH] = 0;
+
+ if (strstr(dest, "..")) return -1; /* avoid directory traversal */
+
+ /* Sanitize the filename */
+ while (*p)
{
- int r;
- r=open("/dev/null", 0);
- return r;
+ if ((*p == '/') || (*p == '\\') || (*p == ':'))
+ *p = '_';
+ p++;
}
-#if 0
- /* we need this for some virtualdub filters */
+ /* Desidered Access */
+ if ((dwDesiredAccess & GENERIC_READ) &&
+ (dwDesiredAccess & GENERIC_WRITE))
+ flags |= O_RDWR;
+
+ if (dwDesiredAccess & GENERIC_READ) flags |= O_RDONLY;
+ if (dwDesiredAccess & GENERIC_WRITE) flags |= O_WRONLY;
+
+ /* Creation Disposition */
+ switch (dwCreationDisposition)
{
- int r;
- int flg = 0;
- if (GENERIC_READ & i1)
- flg |= O_RDONLY;
- else if (GENERIC_WRITE & i1)
- {
- flg |= O_WRONLY;
- printf("Warning: openning filename %s %d (flags; 0x%x) for write\n", cs1, r, flg);
- }
- r=open(cs1, flg);
- return r;
+ case CREATE_ALWAYS:
+ flags |= O_CREAT | O_TRUNC;
+ break;
+ case CREATE_NEW:
+ flags |= O_CREAT | O_EXCL;
+ break;
+ case TRUNCATE_EXISTING:
+ flags |= O_TRUNC;
+ break;
+ case OPEN_ALWAYS: /* flags ? */
+ case OPEN_EXISTING: /* flags ? */
+ default:
+ break;
}
-#endif
-
- return atoi(cs1+2);
+ return open(dest, flags);
}
+
static UINT WINAPI expGetSystemDirectoryA(
char* lpBuffer, // address of buffer for system directory
UINT uSize // size of directory buffer
@@ -3660,7 +3621,7 @@
static DWORD WINAPI expSetFilePointer(HANDLE h, LONG val, LPLONG ext, DWORD whence)
{
int wh;
- dbgprintf("SetFilePointer(%d, 0x%x, 0x%x = %d, %d)\n", h, val, ext, *ext, whence);
+ dbgprintf("SetFilePointer(%d, 0x%x, 0x%x = %d, %d)\n", h, val, ext, ext ? *ext : NULL, whence);
//why would DLL want temporary file with >2Gb size?
switch(whence)
{
More information about the MPlayer-dev-eng
mailing list