diff -uNr libdigidoc-3.6.0.0/libdigidoc/DigiDocError.c libdigidoc-3.6.0.0p/libdigidoc/DigiDocError.c
--- libdigidoc-3.6.0.0/libdigidoc/DigiDocError.c 2012-07-02 08:57:22.000000000 +0300
+++ libdigidoc-3.6.0.0p/libdigidoc/DigiDocError.c 2013-08-28 19:08:10.109888635 +0300
@@ -182,6 +182,7 @@
/* ERR_DATAFILE_NOT_MANIFEST */ { "Datafile is not described in manifest.xml!", USER },
/* ERR_SIG_INVALID_PROFILE */ { "Signature does not correspond to profile in manifest.xml!", USER },
/* ERR_SIGNERS_CERT_NON_REPU */ { "Signers cert does not have non-repudiation bit set!", USER },
+/* ERR_DF_NAME */ { "Failed to parse DataFile name. Invalid file name!", USER },
/* */ {"", NO_ERRORS}
};
diff -uNr libdigidoc-3.6.0.0/libdigidoc/DigiDocError.h libdigidoc-3.6.0.0p/libdigidoc/DigiDocError.h
--- libdigidoc-3.6.0.0/libdigidoc/DigiDocError.h 2012-07-02 08:57:22.000000000 +0300
+++ libdigidoc-3.6.0.0p/libdigidoc/DigiDocError.h 2013-08-28 19:10:30.239884113 +0300
@@ -200,8 +200,9 @@
#define ERR_DATAFILE_NOT_MANIFEST 160
#define ERR_SIG_INVALID_PROFILE 161
#define ERR_SIGNERS_CERT_NON_REPU 162
+#define ERR_DF_NAME 163
-#define ERR_MAX 164 //number of error codes. Increment, if you add a new error code
+#define ERR_MAX 165 //number of error codes. Increment, if you add a new error code
#define ERROR_BUF_LENGTH 20
diff -uNr libdigidoc-3.6.0.0/libdigidoc/DigiDocSAXParser.c libdigidoc-3.6.0.0p/libdigidoc/DigiDocSAXParser.c
--- libdigidoc-3.6.0.0/libdigidoc/DigiDocSAXParser.c 2012-07-02 08:57:22.000000000 +0300
+++ libdigidoc-3.6.0.0p/libdigidoc/DigiDocSAXParser.c 2013-08-28 19:18:20.440567740 +0300
@@ -327,6 +327,11 @@
free(p); p = 0;
ddocDebug(4, "handleStartDataFile", "Filename in: \'%s\' out: \'%s\'",
atts[i+1], (char*)mbuf1.pMem);
+ if(strchr((char*)mbuf1.pMem, '/') || strchr((char*)mbuf1.pMem, '\\')) {
+ ddocDebug(1, "handleStartDataFile", "Invalid filename: \'%s\'", (char*)mbuf1.pMem);
+ SET_LAST_ERROR(ERR_DF_NAME);
+ return;
+ }
}
if(!strcmp((const char*)atts[i], "MimeType"))
mime = (const char*)atts[i+1];
