On Fri, Sep 02, 2016 at 04:43:53PM +0100, Frediano Ziglio wrote: > Check if filename contains invalid characters. Can you be more specific here about "invalid"? My guess is that these are characters which are invalid in an NTFS filesystem. > Also this avoid to use paths in the filename which could lead to some > nasty hacks (like names like "..\hack.txt"). > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > vdagent/file_xfer.cpp | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/vdagent/file_xfer.cpp b/vdagent/file_xfer.cpp > index 0e90ebe..2072277 100644 > --- a/vdagent/file_xfer.cpp > +++ b/vdagent/file_xfer.cpp > @@ -65,6 +65,10 @@ void FileXfer::handle_start(VDAgentFileXferStartMessage* start, > return; > } > vd_printf("%u %s (%" PRIu64 ")", start->id, file_name, file_size); > + if (strcspn(file_name, "<>:\"/\\|?*") != strlen(file_name)) { You could add ^ as well which is invalid on FAT. Apparently we could check for trailing space or colon too. Christophe
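Review bot: the reject set in the added `strcspn(file_name, "<>:\"/\\|?*")` test in the `handle_start` hunk leaves two cases uncovered. Control characters (bytes 1 to 31) are also invalid in Windows file names, and a name that is exactly "." or ".." contains none of the listed characters, so it passes this check even though the commit message sets out to block path tricks; consider rejecting both explicitly. A short comment above the `if` stating where the character list comes from (characters reserved in Windows file names) would settle what "invalid" means here, and testing `file_name[strcspn(file_name, ...)] != '\0'` gives the same result without the second pass over the string that `strlen` makes.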
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel