diff options
| author |  Nikias Bassen | 2011-01-11 05:20:28 +0100 |
|---|---|---|
| committer |  Martin Szulecki | 2011-04-11 19:42:20 +0200 |
| commit | 8c771ad2ee401bb098f0a437a3c86b68ea0bcde3 (patch) | |
| tree | c0f28937c538856c4658b3711cb7555a2dffa95d | |
| parent | 39a5eceaaebee5fd84cfa817e7f70d5bf26ba02a (diff) | |
| download | libimobiledevice-8c771ad2ee401bb098f0a437a3c86b68ea0bcde3.tar.gz libimobiledevice-8c771ad2ee401bb098f0a437a3c86b68ea0bcde3.tar.bz2 | |
idevicebackup4: add more error checking to mb2_handle_receive_files
| -rw-r--r-- | tools/idevicebackup4.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/tools/idevicebackup4.c b/tools/idevicebackup4.c index 40f1a83..7084669 100644 --- a/tools/idevicebackup4.c +++ b/tools/idevicebackup4.c @@ -757,10 +757,18 @@ static int mb2_handle_receive_files(plist_t message, const char *backup_dir) if (nlen == 0) { // we're done here break; + } else if (nlen > 4096) { + // too very long path + printf("ERROR: %s: too long device filename (%d)!\n", __func__, nlen); + break; } fname = (char*)malloc(nlen+1); r = 0; mobilebackup2_receive_raw(mobilebackup2, fname, nlen, &r); + if (r != nlen) { + printf("ERROR: %s: could not read device filename\n", __func__); + break; + } fname[r] = 0; // we don't need this name //printf("\n%s\n", fname); @@ -768,19 +776,35 @@ static int mb2_handle_receive_files(plist_t message, const char *backup_dir) nlen = 0; mobilebackup2_receive_raw(mobilebackup2, (char*)&nlen, 4, &r); nlen = GUINT32_FROM_BE(nlen); + if (nlen == 0) { + printf("ERROR: %s: zero-length backup filename!\n", __func__); + break; + } else if (nlen > 4096) { + printf("ERROR: %s: too long backup filename (%d)!\n", __func__, nlen); + break; + } fname = (char*)malloc(nlen+1); mobilebackup2_receive_raw(mobilebackup2, fname, nlen, &r); if (r != nlen) { - fprintf(stderr, "hmmm.... received %d from %d\n", r, nlen); + printf("ERROR: %s: could not receive backup filename!\n", __func__); + break; } fname[r] = 0; bname = g_build_path(G_DIR_SEPARATOR_S, backup_dir, fname, NULL); free(fname); nlen = 0; mobilebackup2_receive_raw(mobilebackup2, (char*)&nlen, 4, &r); + if (r != 4) { + printf("ERROR: %s: could not receive code length!\n", __func__); + break; + } nlen = GUINT32_FROM_BE(nlen); code = 0; mobilebackup2_receive_raw(mobilebackup2, &code, 1, &r); + if (r != 1) { + printf("ERROR: %s: could not receive code!\n", __func__); + break; + } /* TODO remove this */ if ((code != CODE_SUCCESS) && (code != CODE_FILE_DATA) && (code != CODE_ERROR_REMOTE)) { |