diff options
| author | Philipp Kerling <pkerling@casix.org> | 2018-03-17 21:25:18 +0100 |
|---|---|---|
| committer | Philipp Kerling <pkerling@casix.org> | 2018-04-05 11:39:45 +0200 |
| commit | e7ec1be2e52538096dd70bfa715321f52b1129cd (patch) | |
| tree | ff06bb9bee312dca61c338fab5702018063cf600 | |
| parent | f923c805c14f7d5eae07a0af8f97b61611d7fe0e (diff) | |
[addons] Validate addon identifier
| -rw-r--r-- | xbmc/addons/AddonManager.cpp | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xbmc/addons/AddonManager.cpp b/xbmc/addons/AddonManager.cpp index 60734eb999..3b7ae1989a 100644 --- a/xbmc/addons/AddonManager.cpp +++ b/xbmc/addons/AddonManager.cpp @@ -42,6 +42,11 @@ namespace ADDON void cp_fatalErrorHandler(const char *msg); void cp_logger(cp_log_severity_t level, const char *msg, const char *apid, void *user_data); +namespace { +// Note that all of these characters are url-safe +const std::string VALID_ADDON_IDENTIFIER_CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_@!$"; +} + /********************************************************** * CAddonMgr * @@ -79,6 +84,15 @@ bool CAddonMgr::Factory(const cp_plugin_info_t* plugin, TYPE type, CAddonBuilder if (!plugin || !plugin->identifier) return false; + // Check addon identifier for forbidden characters + // The identifier is used e.g. in URLs so we shouldn't allow just + // any character to go through. + if (std::string{plugin->identifier}.find_first_not_of(VALID_ADDON_IDENTIFIER_CHARACTERS) != std::string::npos) + { + CLog::Log(LOGERROR, "Plugin identifier {} is invalid", plugin->identifier); + return false; + } + if (!PlatformSupportsAddon(plugin)) return false; |