s = filename_to_str(src);
while (*s) {
+ int sanitise = FALSE;
/* Let (bufp, len) be the string to append. */
bufp = buf; /* don't usually override this */
if (*s == '&') {
if (c != '&')
buf[size++] = c;
}
+ /* Never allow path separators - or any other illegal
+ * filename character - to come out of any of these
+ * auto-format directives. E.g. 'hostname' can contain
+ * colons, if it's an IPv6 address, and colons aren't
+ * legal in filenames on Windows. */
+ sanitise = TRUE;
} else {
buf[0] = *s++;
size = 1;
bufsize = (buflen + size) * 5 / 4 + 512;
buffer = sresize(buffer, bufsize, char);
}
- memcpy(buffer + buflen, bufp, size);
- buflen += size;
+ while (size-- > 0) {
+ char c = *bufp++;
+ if (sanitise)
+ c = filename_char_sanitise(c);
+ buffer[buflen++] = c;
+ }
}
buffer[buflen] = '\0';
Filename *filename_deserialise(void *data, int maxsize, int *used);
char *get_username(void); /* return value needs freeing */
char *get_random_data(int bytes); /* used in cmdgen.c */
+char filename_char_sanitise(char c); /* rewrite special pathname chars */
/*
* Exports and imports from timing.c.
return filename_from_str(data);
}
+char filename_char_sanitise(char c)
+{
+ if (c == '/')
+ return '.';
+ return c;
+}
+
#ifdef DEBUG
static FILE *debug_fp = NULL;
return filename_from_str(data);
}
+char filename_char_sanitise(char c)
+{
+ if (strchr("<>:\"/\\|?*", c))
+ return '.';
+ return c;
+}
+
#ifndef NO_SECUREZEROMEMORY
/*
* Windows implementation of smemclr (see misc.c) using SecureZeroMemory.