Index: Components/FoE/Sources/EcsFoE_HandlerRegistry.c =================================================================== --- Components/FoE/Sources/EcsFoE_HandlerRegistry.c (revision 115407) +++ Components/FoE/Sources/EcsFoE_HandlerRegistry.c (working copy) @@ -6,6 +6,97 @@ #include "EcsFoE_Private.h" +static +char +EcsFoE_tolower(char c) +{ + if(c >= 'A' && c <= 'Z') + { + c += 'a' - 'A'; + } + return c; +} +/** @brief Compares the string with some pattern + * @param pPattern the string, which can contain glob symbols, it is a "pattern" + * @param uiPSize the size of the pPattern + * @param pString the string, which is compared with the "pattern" + * @param uiSSize the size of the pString + * @return TRUE if pString satisfies pPattern, ovrewise FALSE + */ +static +bool +EcsFoE_Glob_Match(char const *pPattern, uint32_t uiPSize, char const *pString, uint32_t uiSSize) +{ + char const *pBack_pat = NULL, *pBack_str = NULL; + if(uiSSize ==0 || uiPSize == 0) + return false; + for (;uiSSize>0;) { + char bS = EcsFoE_tolower(*pString++); + char bP = EcsFoE_tolower(*pPattern++); + uiSSize--; + uiPSize--; + switch (bP) { + case '?': /* Any symbol, just skip */ + if (uiSSize == 0) + return false; + break; + case '*': /* Any-length wildcard */ + if (uiPSize == 0) /* if the * is the last symbol in the pattern, then skip the rest */ + return true; + pBack_pat = pPattern; + pBack_str = --pString; /* for zero-length matching */ + break; + case '\\': /* consider the next * or ? as a sybol, not as the mask*/ + bP = *pPattern++; + uiPSize--; + /* fall through */ + default: /* Regular symbol */ + if (bS == bP) { + if (uiSSize == 0) + return true; + break; + } + if (uiSSize == 0 || !pBack_pat) + return false; + /* Try to find the rest of string after the * */ + pPattern = pBack_pat; + pString = ++pBack_str; + break; + } + } + return false; +} + + +/** @brief Check the filename is it allowed to use + * @param pFileName The Filename which is checking + * @param ulFileNameSize the lenght of the "FileName" + * @return FALSE if it is not allowed for usage, otherwise returns TRUE + */ +static +bool +EcsFoE_AdmissibilityCheck(const char *pFileName, uint32_t ulFileNameSize) +{ + + static const char *pForbiddenList[] = { + "fwupdate.zip", + "*.nxi*", + "*.nxe*", + "*.nai*", + "*.nae*", + "*.nxs", + "*\\*" + }; + + for (int i = 0; i < HIL_CNT_ELEMENT(pForbiddenList); i++) + { + if(EcsFoE_Glob_Match(pForbiddenList[i],strlen(pForbiddenList[i]),pFileName,ulFileNameSize)) /* if the name matches with the list ( the function returns TRUE) , then error */ + return false; + } + + return true; +} + /******************************************************************************/ bool EcsFoE_GetFileHandler( @@ -18,7 +109,7 @@ bool fSuccess = false; for(ptHandler = ptTaskData->ptRegisteredFilesList; NULL != ptHandler; ptHandler = ptHandler->ptNext) { - if(ptHandler->ulFileNameBytes == ulFileNameBytes && memcmp(ptHandler->pabFilename, pabFileName, ulFileNameBytes) == 0) + if(EcsFoE_Glob_Match((const char*)ptHandler->pabFilename,ptHandler->ulFileNameBytes, (const char*)pabFileName,ulFileNameBytes)) { break; } @@ -103,6 +194,12 @@ { ulFilenameBytes = 0; } + + if(!EcsFoE_AdmissibilityCheck((const char*)pabFilename,ulFilenameBytes)) + { + pfnCallback(pvCallbackUserData, ECS_ERROR_INVALID_PARAMETER, NULL); + } + if(NULL != pfnCallback) { /*lint -esym(429,ptJob) -esym(593,ptJob) */