3 files changed, 140 insertions, 0 deletions

diff --git a/lib/util/Makemodule.am b/lib/util/Makemodule.am
index bc3d618..d37f2b1 100644
--- a/lib/util/Makemodule.am
+++ b/lib/util/Makemodule.am
@@ -10,6 +10,8 @@ libutil_a_SOURCES += include/util/w32threadwrap.h
 libutil_a_SOURCES += lib/util/threadpool_serial.c
 libutil_a_SOURCES += lib/util/is_memory_zero.c
 libutil_a_SOURCES += lib/util/mkdir_p.c
+libutil_a_SOURCES += lib/util/canonicalize_name.c
+libutil_a_SOURCES += lib/util/filename_sane.c
 libutil_a_CFLAGS = $(AM_CFLAGS)
 libutil_a_CPPFLAGS = $(AM_CPPFLAGS)
 
diff --git a/lib/util/canonicalize_name.c b/lib/util/canonicalize_name.c
new file mode 100644
index 0000000..534e89e
--- /dev/null
+++ b/lib/util/canonicalize_name.c
@@ -0,0 +1,60 @@
+/* SPDX-License-Identifier: LGPL-3.0-or-later */
+/*
+ * canonicalize_name.c
+ *
+ * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
+ */
+#include "config.h"
+#include "util/util.h"
+
+static void normalize_slashes(char *filename)
+{
+	char *dst = filename, *src = filename;
+
+	while (*src == '/')
+		++src;
+
+	while (*src != '\0') {
+		if (*src == '/') {
+			while (*src == '/')
+				++src;
+			if (*src == '\0')
+				break;
+			*(dst++) = '/';
+		} else {
+			*(dst++) = *(src++);
+		}
+	}
+
+	*dst = '\0';
+}
+
+int canonicalize_name(char *filename)
+{
+	char *dst = filename, *src = filename;
+
+	normalize_slashes(filename);
+
+	while (*src != '\0') {
+		if (src[0] == '.') {
+			if (src[1] == '\0')
+				break;
+			if (src[1] == '/') {
+				src += 2;
+				continue;
+			}
+			if (src[1] == '.' && (src[2] == '/' || src[2] == '\0'))
+				return -1;
+		}
+
+		while (*src != '\0' && *src != '/')
+			*(dst++) = *(src++);
+
+		if (*src == '/')
+			*(dst++) = *(src++);
+	}
+
+	*dst = '\0';
+	normalize_slashes(filename);
+	return 0;
+}
diff --git a/lib/util/filename_sane.c b/lib/util/filename_sane.c
new file mode 100644
index 0000000..b52ce4d
--- /dev/null
+++ b/lib/util/filename_sane.c
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: LGPL-3.0-or-later */
+/*
+ * filename_sane.c
+ *
+ * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
+ */
+#include "config.h"
+#include "util/util.h"
+
+#include <string.h>
+
+#if defined(_WIN32) || defined(__WINDOWS__) || defined(TEST_WIN32)
+#ifdef _MSC_VER
+#define strncasecmp _strnicmp
+#define strcasecmp _stricmp
+#endif
+
+static const char *bad_names[] = {
+	"CON", "PRN", "AUX", "NUL",
+	"COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9",
+	"LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9",
+};
+
+static bool is_allowed_by_os(const char *name)
+{
+	size_t len, i;
+
+	for (i = 0; i < sizeof(bad_names) / sizeof(bad_names[0]); ++i) {
+		len = strlen(bad_names[i]);
+
+		if (strncasecmp(name, bad_names[i], len) != 0)
+			continue;
+
+		if (name[len] == '\0')
+			return false;
+
+		if (name[len] == '.' && strchr(name + len + 1, '.') == NULL)
+			return false;
+	}
+
+	return true;
+}
+#else
+static bool is_allowed_by_os(const char *name)
+{
+	(void)name;
+	return true;
+}
+#endif
+
+bool is_filename_sane(const char *name, bool check_os_specific)
+{
+	if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
+		return false;
+
+	if (check_os_specific && !is_allowed_by_os(name))
+		return false;
+
+	while (*name != '\0') {
+		if (*name == '/')
+			return false;
+
+#if defined(_WIN32) || defined(__WINDOWS__) || defined(TEST_WIN32)
+		if (check_os_specific) {
+			if (*name == '<' || *name == '>' || *name == ':')
+				return false;
+			if (*name == '"' || *name == '|' || *name == '?')
+				return false;
+			if (*name == '*' || *name == '\\' || *name <= 31)
+				return false;
+		}
+#endif
+
+		++name;
+	}
+
+	return true;
+}