|
Lines 157-162
Link Here
|
| 157 |
memcpy(SearchRecord->Filename, Entry->Filename, Entry->FilenameLength); |
157 |
memcpy(SearchRecord->Filename, Entry->Filename, Entry->FilenameLength); |
| 158 |
SearchRecord->Filename[Entry->FilenameLength] = 0; |
158 |
SearchRecord->Filename[Entry->FilenameLength] = 0; |
| 159 |
|
159 |
|
|
|
160 |
if (strstr(SearchRecord->Filename,"..") || |
| 161 |
strchr(SearchRecord->Filename, '/') || |
| 162 |
strchr(SearchRecord->Filename, '\\')) |
| 163 |
{ |
| 164 |
printf("Filename contains invalid characters\n"); |
| 165 |
exit(1); |
| 166 |
} |
| 167 |
|
| 160 |
// Copy file parameters in the search_rec |
168 |
// Copy file parameters in the search_rec |
| 161 |
SearchRecord->Attributes = Entry->FileAttributes; |
169 |
SearchRecord->Attributes = Entry->FileAttributes; |
| 162 |
SearchRecord->FileSize = ENDIAN_SAFE32(Entry->FileSize); |
170 |
SearchRecord->FileSize = ENDIAN_SAFE32(Entry->FileSize); |