Sanitise bad characters in log file names.

On Windows, colons are illegal in filenames, because they're part of
the path syntax. But colons can appear in automatically constructed
log file names, if an IPv6 address is expanded from the &H placeholder.

Now we coerce any such illegal characters to '.', which is a bit of a
bodge but should at least cause a log file to be generated.

diff --git a/logging.c b/logging.c
index 19eb2cb3992fd22c387e6b6cacfc727edfc6edd3..563dcded510001f9bb223ccf7301648d02f8317a 100644 (file)
--- a/logging.c
+++ b/logging.c
@@ -446,6 +446,7 @@ static Filename *xlatlognam(Filename *src, char *hostname, int port,
     s = filename_to_str(src);
 
     while (*s) {
+        int sanitise = FALSE;
        /* Let (bufp, len) be the string to append. */
        bufp = buf;                    /* don't usually override this */
        if (*s == '&') {
@@ -478,6 +479,12 @@ static Filename *xlatlognam(Filename *src, char *hostname, int port,
                if (c != '&')
                    buf[size++] = c;
            }
+            /* Never allow path separators - or any other illegal
+             * filename character - to come out of any of these
+             * auto-format directives. E.g. 'hostname' can contain
+             * colons, if it's an IPv6 address, and colons aren't
+             * legal in filenames on Windows. */
+            sanitise = TRUE;
        } else {
            buf[0] = *s++;
            size = 1;
@@ -486,8 +493,12 @@ static Filename *xlatlognam(Filename *src, char *hostname, int port,
             bufsize = (buflen + size) * 5 / 4 + 512;
             buffer = sresize(buffer, bufsize, char);
         }
-       memcpy(buffer + buflen, bufp, size);
-       buflen += size;
+        while (size-- > 0) {
+            char c = *bufp++;
+            if (sanitise)
+                c = filename_char_sanitise(c);
+            buffer[buflen++] = c;
+        }
     }
     buffer[buflen] = '\0';
 

diff --git a/putty.h b/putty.h
index 4b22c38e80a28ef936ebebb57c0e1c341f66e5d7..cfdc81544a4efba4c353a3ce2f24a1ba185e7ee1 100644 (file)
--- a/putty.h
+++ b/putty.h
@@ -1322,6 +1322,7 @@ int filename_serialise(const Filename *f, void *data);
 Filename *filename_deserialise(void *data, int maxsize, int *used);
 char *get_username(void);             /* return value needs freeing */
 char *get_random_data(int bytes);      /* used in cmdgen.c */
+char filename_char_sanitise(char c);   /* rewrite special pathname chars */
 
 /*
  * Exports and imports from timing.c.

diff --git a/unix/uxmisc.c b/unix/uxmisc.c
index 2e13b3bb93e11e3d7c09c015f309a0e24d75caa0..a7a2fcb93576bf7248a409757458a41fdbe0b827 100644 (file)
--- a/unix/uxmisc.c
+++ b/unix/uxmisc.c
@@ -95,6 +95,13 @@ Filename *filename_deserialise(void *vdata, int maxsize, int *used)
     return filename_from_str(data);
 }
 
+char filename_char_sanitise(char c)
+{
+    if (c == '/')
+        return '.';
+    return c;
+}
+
 #ifdef DEBUG
 static FILE *debug_fp = NULL;
 

diff --git a/windows/winmisc.c b/windows/winmisc.c
index ce0a0d1d2a55e7fb8d545817a5330afb057fe7d3..f2e4f223595b4b73d642df1648223f282583d85a 100644 (file)
--- a/windows/winmisc.c
+++ b/windows/winmisc.c
@@ -71,6 +71,13 @@ Filename *filename_deserialise(void *vdata, int maxsize, int *used)
     return filename_from_str(data);
 }
 
+char filename_char_sanitise(char c)
+{
+    if (strchr("<>:\"/\\|?*", c))
+        return '.';
+    return c;
+}
+
 #ifndef NO_SECUREZEROMEMORY
 /*
  * Windows implementation of smemclr (see misc.c) using SecureZeroMemory.