From 4520534e6d5576f0647d03d6c573c5d7d45ccf6e Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Fri, 5 Feb 2016 01:44:27 -0500 Subject: tool_doswin: Improve sanitization processing - Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder --- src/tool_operhlp.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/tool_operhlp.c') diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c index 387dcb628..fb344f65d 100644 --- a/src/tool_operhlp.c +++ b/src/tool_operhlp.c @@ -29,6 +29,7 @@ #include "tool_cfgable.h" #include "tool_convert.h" +#include "tool_doswin.h" #include "tool_operhlp.h" #include "tool_metalink.h" @@ -151,6 +152,17 @@ CURLcode get_url_file_name(char **filename, const char *url) if(!*filename) return CURLE_OUT_OF_MEMORY; +#if defined(MSDOS) || defined(WIN32) + { + char *sanitized; + SANITIZEcode sc = sanitize_file_name(&sanitized, *filename, 0); + Curl_safefree(*filename); + if(sc) + return CURLE_URL_MALFORMAT; + *filename = sanitized; + } +#endif /* MSDOS || WIN32 */ + /* in case we built debug enabled, we allow an environment variable * named CURL_TESTDIR to prefix the given file name to put it into a * specific directory -- cgit v1.2.3