# HG changeset patch # User Mychaela Falconia # Date 1672527323 0 # Node ID 74d284add54d6b3fc9e23431c46ec8590c294f64 # Parent 0306449ba4678e7d56c682ba8340487fc39d9722 fc-fsio: guard against bogus readdir results from the target If the FFS being operated on contains SE K2x0 extended filenames, readdir will return strings that are bad for printing. We need to guard against this possibility, and also against possible other bogosity that could be sent by other alien firmwares. diff -r 0306449ba467 -r 74d284add54d rvinterf/etmsync/fileio.c --- a/rvinterf/etmsync/fileio.c Sat Dec 31 21:08:05 2022 +0000 +++ b/rvinterf/etmsync/fileio.c Sat Dec 31 22:55:23 2022 +0000 @@ -300,7 +300,7 @@ if (rvi_msg[5] != 4) goto malformed; slen = rvi_msg[10]; - if (slen < 2 || rvi_msg_len != slen + 12) + if (slen < 2 || rvi_msg_len != slen + 12 || !rvi_msg[11]) goto malformed; if (slen > namebuflen) { printf("error: readdir response exceeds provided buffer\n"); diff -r 0306449ba467 -r 74d284add54d rvinterf/etmsync/fsbasics.c --- a/rvinterf/etmsync/fsbasics.c Sat Dec 31 21:08:05 2022 +0000 +++ b/rvinterf/etmsync/fsbasics.c Sat Dec 31 22:55:23 2022 +0000 @@ -41,6 +41,26 @@ return(0); } +void +safe_print_ls_name(name) + char *name; +{ + char *p; + int c; + + p = name; + while (c = *p++) { + if (c == '\\') { + putchar('\\'); + putchar('\\'); + } else if (c >= ' ' && c <= '~') + putchar(c); + else + printf("\\x%02X", c); + } + putchar('\n'); +} + do_ls_short(lsarg) char *lsarg; { @@ -59,7 +79,7 @@ rc = do_readdir(state, namebuf, sizeof namebuf); if (rc) return(rc); - printf("%s\n", namebuf); + safe_print_ls_name(namebuf); } return(0); } diff -r 0306449ba467 -r 74d284add54d rvinterf/etmsync/fsread.c --- a/rvinterf/etmsync/fsread.c Sat Dec 31 21:08:05 2022 +0000 +++ b/rvinterf/etmsync/fsread.c Sat Dec 31 22:55:23 2022 +0000 @@ -50,6 +50,20 @@ } } +ls_is_sane(name) + char *name; +{ + char *cp; + int c; + + cp = name; + while (c = *cp++) { + if (c < '!' || c > '~') + return(0); + } + return(1); +} + do_ls_long(lsarg) char *lsarg; { @@ -87,6 +101,10 @@ printf("error: readdir result contains a slash\n"); return(ERROR_TARGET); } + if (!ls_is_sane(rdbuf)) { + printf("error: readdir result contains non-printable chars\n"); + return(ERROR_TARGET); + } strcpy(childp, rdbuf); rc = do_xlstat(childpath, &stat); if (rc) { @@ -235,6 +253,10 @@ printf("error: readdir result contains a slash\n"); return(ERROR_TARGET); } + if (!ls_is_sane(rdbuf)) { + printf("error: readdir result contains non-printable chars\n"); + return(ERROR_TARGET); + } strcpy(childp, rdbuf); if (rdbuf[0] == '.') { printf("skipping %s\n", ffspath_child);