tool_doswin: Improve sanitization processing

- Add unit test 1604 to test the sanitize_file_name function.

- Use -DCURL_STATICLIB when building libcurltool for unit testing.

- Better detection of reserved DOS device names.

- New flags to modify sanitize behavior:

SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename

- Restore sanitization of banned characters from user-specified outfile.

Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.


Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder

1 files changed, 12 insertions, 0 deletions

diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c
index 387dcb628..fb344f65d 100644
--- a/src/tool_operhlp.c
+++ b/src/tool_operhlp.c
@@ -29,6 +29,7 @@
 
 #include "tool_cfgable.h"
 #include "tool_convert.h"
+#include "tool_doswin.h"
 #include "tool_operhlp.h"
 #include "tool_metalink.h"
 
@@ -151,6 +152,17 @@ CURLcode get_url_file_name(char **filename, const char *url)
   if(!*filename)
     return CURLE_OUT_OF_MEMORY;
 
+#if defined(MSDOS) || defined(WIN32)
+  {
+    char *sanitized;
+    SANITIZEcode sc = sanitize_file_name(&sanitized, *filename, 0);
+    Curl_safefree(*filename);
+    if(sc)
+      return CURLE_URL_MALFORMAT;
+    *filename = sanitized;
+  }
+#endif /* MSDOS || WIN32 */
+
   /* in case we built debug enabled, we allow an environment variable
    * named CURL_TESTDIR to prefix the given file name to put it into a
    * specific directory