diff --git a/src/LabelTrack.cpp b/src/LabelTrack.cpp
index 96e6a9b1e..27c5a0ed0 100644
--- a/src/LabelTrack.cpp
+++ b/src/LabelTrack.cpp
@@ -2327,7 +2327,8 @@ bool LabelTrack::HandleXMLTag(const wxChar *tag, const wxChar **attrs)
 break;
 const wxString strValue = value;
- if (!XMLValueChecker::IsGoodString(strValue))
+ // Bug 1905 was about long label strings.
+ if (!XMLValueChecker::IsGoodLongString(strValue))
 {
 return false;
 }
diff --git a/src/xml/XMLTagHandler.cpp b/src/xml/XMLTagHandler.cpp
index 9321b8b2f..29d0de5f6 100644
--- a/src/xml/XMLTagHandler.cpp
+++ b/src/xml/XMLTagHandler.cpp
@@ -39,6 +39,7 @@
 #include "../SampleFormat.h"
 #include "../Track.h"
+// Length check. Is in part about not supplying malicious strings to file functions.
 bool XMLValueChecker::IsGoodString(const wxString & str)
 {
 size_t len = str.Length();
@@ -50,6 +51,13 @@ bool XMLValueChecker::IsGoodString(const wxString & str)
 return false; // good place for a breakpoint
 }
+// No length check, as e.g. labels could be very long.
+bool XMLValueChecker::IsGoodLongString(const wxString & str)
+{
+ return str.Find('\0', false) == -1; // No null characters except terminator.
+}
+
+
 // "Good" means the name is well-formed and names an existing file or folder.
 bool XMLValueChecker::IsGoodFileName(const wxString & strFileName, const wxString & strDirName /* = "" */)
 {
diff --git a/src/xml/XMLTagHandler.h b/src/xml/XMLTagHandler.h
index 6b3c1724e..9767eb27f 100644
--- a/src/xml/XMLTagHandler.h
+++ b/src/xml/XMLTagHandler.h
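Review bot: The relaxed check sits where `strValue` is built straight from `value`, so it appears to lift the length cap for every attribute value of the tag, not only the label text; the loop that would confirm this starts and ends outside the hunk. If only the title needs to be long, keep `IsGoodString` for the other attributes and apply `IsGoodLongString` to the title alone. The comment should also say what was relaxed for input read from a project file, e.g. `// Label text may exceed the IsGoodString length cap (bug 1905); it is only checked for embedded nulls.`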
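Review bot: `IsGoodLongString` gives up the length cap that the comment added above `IsGoodString` ties to protecting file functions, yet neither its comment here nor the one on its declaration in XMLTagHandler.h tells callers about that restriction. I would state the contract on the function: `// No length check: only for display text such as labels. Never use for values that reach file or path functions; use IsGoodString there.` As a smaller point, comparing against `wxNOT_FOUND` instead of the literal `-1` reads more clearly as the failure value of `wxString::Find`.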
@@ -30,6 +30,8 @@ public:
 // These are used in HandleXMLTag and BuildFomXML methods to check the input for
 // security vulnerabilites, per the NGS report for UmixIt.
 static bool IsGoodString(const wxString & str);
+ // Labels are allowed to be very long. At some future date we will format long labels nicely.
+ static bool IsGoodLongString(const wxString & str);
 static bool IsGoodFileName(const wxString & strFileName, const wxString & strDirName = wxEmptyString);
 static bool IsGoodFileString(const wxString &str);