[Spice-devel] [vdagent-win PATCH] Avoid to use names with invalid characters.

Christophe Fergeau cfergeau at redhat.com
Mon Sep 5 08:48:36 UTC 2016


On Fri, Sep 02, 2016 at 04:43:53PM +0100, Frediano Ziglio wrote:
> Check if filename contains invalid characters.

Can you be more specific here about "invalid"? My guess is that these
are characters which are invalid in an NTFS filesystem.

> Also this avoids using paths in the filename, which could lead to some
> nasty hacks (like names like "..\hack.txt").
> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
>  vdagent/file_xfer.cpp | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/vdagent/file_xfer.cpp b/vdagent/file_xfer.cpp
> index 0e90ebe..2072277 100644
> --- a/vdagent/file_xfer.cpp
> +++ b/vdagent/file_xfer.cpp
> @@ -65,6 +65,10 @@ void FileXfer::handle_start(VDAgentFileXferStartMessage* start,
>          return;
>      }
>      vd_printf("%u %s (%" PRIu64 ")", start->id, file_name, file_size);
> +    if (strcspn(file_name, "<>:\"/\\|?*") != strlen(file_name)) {
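
Review bot: The reject set in the added `strcspn` condition lists only printable characters, so a name made of control characters (0x01-0x1F), a bare `.` or `..`, or a reserved device name such as `CON` or `NUL` contains none of `<>:"/\|?*` and passes the check. Consider rejecting those too, along with names ending in a space or a dot, which Windows strips when the file is created. Two smaller points: the `vd_printf` context line just above writes `file_name` to the log before the name has been validated, and testing `file_name[strcspn(file_name, ...)] != '\0'` would give the same result without the second pass over the string that `strlen` makes.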

You could add ^ as well which is invalid on FAT. Apparently we could
check for trailing space or colon too.



Christophe