gen_path now rejects filenames that match Windows

device names such as CON, NUL, LPT1, etc. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3072 e7ae566f-a301-0410-adde-c780ea21d3b5
2024-12-03 22:54:17 +08:00 · 2008-07-17 22:41:15 +00:00 · 2008-07-17 22:41:15 +00:00 · 73b7e69884
commit 73b7e69884
parent 6ee8f6f8af
3 changed files with 72 additions and 1 deletions
--- a/misc.c
+++ b/misc.c
@ -35,6 +35,7 @@
 #include "manage.h"
 #include "crypto.h"
 #include "route.h"
+#include "win32.h"

 #include "memdbg.h"

@ -1114,7 +1115,11 @@ gen_path (const char *directory, const char *filename, struct gc_arena *gc)

  if (safe_filename
      && strcmp (safe_filename, ".")
-      && strcmp (safe_filename, ".."))
+      && strcmp (safe_filename, "..")
+#ifdef WIN32
+      && win_safe_filename (safe_filename)
+#endif
+      )
    {
      struct buffer out = alloc_buf_gc (256, gc);
      char dirsep[2];
--- a/win32.c
+++ b/win32.c
@ -753,4 +753,67 @@ getpass (const char *prompt)
    return NULL;
 }

+/*
+ * Return true if filename is safe to be used on Windows,
+ * by avoiding the following reserved names:
+ *
+ * CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9,
+ * LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9, and CLOCK$
+ *
+ * See: http://msdn.microsoft.com/en-us/library/aa365247.aspx
+ *  and http://msdn.microsoft.com/en-us/library/86k9f82k(VS.80).aspx
+ */
+
+static bool
+cmp_prefix (const char *str, const bool n, const char *pre)
+{
+  const size_t len = strlen (pre);
+  size_t i = 0;
+
+  if (!str)
+    return false;
+
+  while (true)
+    {
+      const int c1 = pre[i];
+      int c2 = str[i];
+      ++i;
+      if (c1 == '\0')
+	{
+	  if (n)
+	    {
+	      if (isdigit (c2))
+		c2 = str[i];
+	      else
+		return false;
+	    }
+	  return c2 == '\0' || c2 == '.';
+	}
+      else if (c2 == '\0')
+	return false;
+      if (c1 != tolower(c2))
+	return false;
+    }
+}
+
+bool
+win_safe_filename (const char *fn)
+{
+  if (cmp_prefix (fn, false, "con"))
+    return false;
+  if (cmp_prefix (fn, false, "prn"))
+    return false;
+  if (cmp_prefix (fn, false, "aux"))
+    return false;
+  if (cmp_prefix (fn, false, "nul"))
+    return false;
+  if (cmp_prefix (fn, true, "com"))
+    return false;
+  if (cmp_prefix (fn, true, "lpt"))
+    return false;
+  if (cmp_prefix (fn, false, "clock$"))
+    return false;
+  return true;
+}
+
 #endif
--- a/win32.h
+++ b/win32.h
@ -247,5 +247,8 @@ char *getpass (const char *prompt);
 /* Set Win32 security attributes structure to allow all access */
 bool init_security_attributes_allow_all (struct security_attributes *obj);

+/* return true if filename is safe to be used on Windows */
+bool win_safe_filename (const char *fn);
+
 #endif
 #endif