From 38eaaecc9180ddcfd9780a72d977d7a7d66f0c96 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Sat, 26 Mar 2016 22:27:09 +0000 Subject: [PATCH] touch: Refuse to set an invalid image or lyrics ID. This makes the callback of the touch command fail the command if the given ID does not exist in the corresponding blob table. To this aim we call blob_get_name_by_id() to look up the ID. Since we are not interested in the name, the function now allows a NULL result pointer in which case it only checks whether the ID is valid. With this patch applied the attempt to set an invalid image or lyrics ID results in an error message like this: invalid image ID: 456565 remote: key not found in rbtree main: command failed --- aft.c | 16 ++++++++++++++++ blob.c | 6 ++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/aft.c b/aft.c index f14440e6..7374db58 100644 --- a/aft.c +++ b/aft.c @@ -2040,6 +2040,22 @@ static int com_touch_callback(struct afs_callback_arg *aca) .data = aca, .action = touch_audio_file }; + if (cto->image_id >= 0) { + ret = img_get_name_by_id(cto->image_id, NULL); + if (ret < 0) { + para_printf(&aca->pbout, "invalid image ID: %u\n", + cto->image_id); + return ret; + } + } + if (cto->lyrics_id >= 0) { + ret = lyr_get_name_by_id(cto->lyrics_id, NULL); + if (ret < 0) { + para_printf(&aca->pbout, "invalid lyrics ID: %u\n", + cto->lyrics_id); + return ret; + } + } if (cto->flags & TOUCH_FLAG_FNM_PATHNAME) pmd.fnmatch_flags |= FNM_PATHNAME; ret = for_each_matching_row(&pmd); diff --git a/blob.c b/blob.c index ca39de0d..737f1980 100644 --- a/blob.c +++ b/blob.c @@ -487,7 +487,8 @@ static int blob_get_name_by_id(struct osl_table *table, uint32_t id, struct osl_object obj = {.data = &id, .size = sizeof(id)}; int ret; - *name = NULL; + if (name) + *name = NULL; if (!id) return 1; ret = osl(osl_get_row(table, BLOBCOL_ID, &obj, &row)); @@ -498,7 +499,8 @@ static int blob_get_name_by_id(struct osl_table *table, uint32_t id, return ret; if (*(char *)obj.data == '\0') return -E_DUMMY_ROW; - *name = (char *)obj.data; + if (name) + *name = (char *)obj.data; return 1; } -- 2.39.5