fat32_findfile: fix directory name lookup

crozone / ipodloader2

Bootloader for classic iPods. Supports Rockbox, iPod Linux, and stock iPod OS.

44 stars 1 forks source link

fat32_findfile: fix directory name lookup #6

Closed mklein-de closed 1 year ago

mklein-de commented 2 years ago

path traversal checked only if a directory entry name starts with the current directory element, e.g. looking for .r/rockbox.ipod would even match ./rockbox/rockbox.ipod because .rockbox begins with .r

crozone commented 2 years ago

Thanks for the PR! I'm just going through the process of verifying this bug and then testing this fix.

I'm thinking that an even more robust solution might be to implement an "exact string match" function in minilibc, which would be a trivial modification to the existing mlc_strncasecmp(). However your fix should be good enough for now.