From 6f96c4d2651ed59975354433267319d527490537 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Wed, 18 Dec 2019 16:35:19 +0100 Subject: Move is_filename_sane to libfstree, add test cases Signed-off-by: David Oberhollenzer --- include/common.h | 2 -- include/fstree.h | 10 ++++++ lib/common/Makemodule.am | 2 +- lib/common/filename_sane.c | 77 --------------------------------------------- lib/fstree/Makemodule.am | 1 + lib/fstree/filename_sane.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++ tests/Makemodule.am | 12 +++++-- tests/filename_sane.c | 67 +++++++++++++++++++++++++++++++++++++++ 8 files changed, 167 insertions(+), 82 deletions(-) delete mode 100644 lib/common/filename_sane.c create mode 100644 lib/fstree/filename_sane.c create mode 100644 tests/filename_sane.c diff --git a/include/common.h b/include/common.h index 8b2c66c..bdb3837 100644 --- a/include/common.h +++ b/include/common.h @@ -132,8 +132,6 @@ void sqfs_writer_cleanup(sqfs_writer_t *sqfs); void sqfs_perror(const char *file, const char *action, int error_code); -bool is_filename_sane(const char *name, bool check_os_specific); - /* A wrapper around mkdir() that behaves like 'mkdir -p'. It tries to create every component of the given path and skips already existing entries. diff --git a/include/fstree.h b/include/fstree.h index 7bc92fd..4ff8c5f 100644 --- a/include/fstree.h +++ b/include/fstree.h @@ -181,4 +181,14 @@ char *fstree_get_path(tree_node_t *node); */ int canonicalize_name(char *filename); +/* + Returns true if a given filename is sane, false if it is not (e.g. contains + slashes or it is equal to '.' or '..'). + + If check_os_specific is true, this also checks if the filename contains + a character, or is equal to a name, that is black listed on the current OS. + E.g. on Windows, a file named "COM0" or "AUX" is a no-no. + */ +bool is_filename_sane(const char *name, bool check_os_specific); + #endif /* FSTREE_H */ diff --git a/lib/common/Makemodule.am b/lib/common/Makemodule.am index e97085b..696a169 100644 --- a/lib/common/Makemodule.am +++ b/lib/common/Makemodule.am @@ -5,7 +5,7 @@ libcommon_a_SOURCES += lib/common/compress.c lib/common/comp_opt.c libcommon_a_SOURCES += lib/common/data_writer.c include/common.h libcommon_a_SOURCES += lib/common/get_path.c lib/common/io_stdin.c libcommon_a_SOURCES += lib/common/writer.c lib/common/perror.c -libcommon_a_SOURCES += lib/common/mkdir_p.c lib/common/filename_sane.c +libcommon_a_SOURCES += lib/common/mkdir_p.c libcommon_a_CFLAGS = $(AM_CFLAGS) $(LZO_CFLAGS) if WITH_LZO diff --git a/lib/common/filename_sane.c b/lib/common/filename_sane.c deleted file mode 100644 index 56f1127..0000000 --- a/lib/common/filename_sane.c +++ /dev/null @@ -1,77 +0,0 @@ -/* SPDX-License-Identifier: GPL-3.0-or-later */ -/* - * filename_sane.c - * - * Copyright (C) 2019 David Oberhollenzer - */ -#include "common.h" - -#include - -#ifdef _WIN32 -#ifdef _MSC_VER -#define strncasecmp _strnicmp -#define strcasecmp _stricmp -#endif - -static const char *bad_names[] = { - "CON", "PRN", "AUX", "NUL", - "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", - "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9", -}; - -static bool is_allowed_by_os(const char *name) -{ - size_t len, i; - - for (i = 0; i < sizeof(bad_names) / sizeof(bad_names[0]); ++i) { - len = strlen(bad_names[i]); - - if (strncasecmp(name, bad_names[i], len) != 0) - continue; - - if (name[len] == '\0') - return false; - - if (name[len] == '.' && strchr(name + len + 1, '.') == NULL) - return false; - } - - return true; -} -#else -static bool is_allowed_by_os(const char *name) -{ - (void)name; - return true; -} -#endif - -bool is_filename_sane(const char *name, bool check_os_specific) -{ - if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) - return false; - - if (check_os_specific && !is_allowed_by_os(name)) - return false; - - while (*name != '\0') { - if (*name == '/' || *name == '\\') - return false; - -#ifdef _WIN32 - if (check_os_specific) { - if (*name == '<' || *name == '>' || *name == ':') - return false; - if (*name == '"' || *name == '|' || *name == '?') - return false; - if (*name == '*' || *name <= 31) - return false; - } -#endif - - ++name; - } - - return true; -} diff --git a/lib/fstree/Makemodule.am b/lib/fstree/Makemodule.am index 33b508c..31bcb31 100644 --- a/lib/fstree/Makemodule.am +++ b/lib/fstree/Makemodule.am @@ -6,6 +6,7 @@ libfstree_a_SOURCES += lib/fstree/add_by_path.c libfstree_a_SOURCES += include/fstree.h lib/fstree/internal.h libfstree_a_SOURCES += lib/fstree/source_date_epoch.c libfstree_a_SOURCES += lib/fstree/canonicalize_name.c +libfstree_a_SOURCES += lib/fstree/filename_sane.c libfstree_a_CFLAGS = $(AM_CFLAGS) libfstree_a_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/lib/fstree/filename_sane.c b/lib/fstree/filename_sane.c new file mode 100644 index 0000000..b0f8c90 --- /dev/null +++ b/lib/fstree/filename_sane.c @@ -0,0 +1,78 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * filename_sane.c + * + * Copyright (C) 2019 David Oberhollenzer + */ +#include "config.h" +#include "fstree.h" + +#include + +#if defined(_WIN32) || defined(__WINDOWS__) || defined(TEST_WIN32) +#ifdef _MSC_VER +#define strncasecmp _strnicmp +#define strcasecmp _stricmp +#endif + +static const char *bad_names[] = { + "CON", "PRN", "AUX", "NUL", + "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", + "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9", +}; + +static bool is_allowed_by_os(const char *name) +{ + size_t len, i; + + for (i = 0; i < sizeof(bad_names) / sizeof(bad_names[0]); ++i) { + len = strlen(bad_names[i]); + + if (strncasecmp(name, bad_names[i], len) != 0) + continue; + + if (name[len] == '\0') + return false; + + if (name[len] == '.' && strchr(name + len + 1, '.') == NULL) + return false; + } + + return true; +} +#else +static bool is_allowed_by_os(const char *name) +{ + (void)name; + return true; +} +#endif + +bool is_filename_sane(const char *name, bool check_os_specific) +{ + if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) + return false; + + if (check_os_specific && !is_allowed_by_os(name)) + return false; + + while (*name != '\0') { + if (*name == '/' || *name == '\\') + return false; + +#if defined(_WIN32) || defined(__WINDOWS__) || defined(TEST_WIN32) + if (check_os_specific) { + if (*name == '<' || *name == '>' || *name == ':') + return false; + if (*name == '"' || *name == '|' || *name == '?') + return false; + if (*name == '*' || *name <= 31) + return false; + } +#endif + + ++name; + } + + return true; +} diff --git a/tests/Makemodule.am b/tests/Makemodule.am index ec4e4c5..6853487 100644 --- a/tests/Makemodule.am +++ b/tests/Makemodule.am @@ -48,6 +48,12 @@ test_fstree_init_SOURCES = tests/fstree_init.c test_fstree_init_CPPFLAGS = $(AM_CPPFLAGS) -I$(top_srcdir)/lib/fstree test_fstree_init_LDADD = libfstree.a libcompat.a +test_filename_sane_SOURCES = tests/filename_sane.c lib/fstree/filename_sane.c + +test_filename_sane_w32_SOURCES = tests/filename_sane.c +test_filename_sane_w32_SOURCES += lib/fstree/filename_sane.c +test_filename_sane_w32_CPPFLAGS = $(AM_CPPFLAGS) -DTEST_WIN32=1 + test_tar_gnu_SOURCES = tests/tar_gnu.c test_tar_gnu_LDADD = libtar.a libcompat.a test_tar_gnu_CPPFLAGS = $(AM_CPPFLAGS) -DTESTPATH=$(top_srcdir)/tests/tar @@ -97,7 +103,8 @@ tar_fuzz_LDADD = libtar.a libcompat.a check_PROGRAMS += test_mknode_simple test_mknode_slink test_mknode_reg check_PROGRAMS += test_mknode_dir test_gen_inode_numbers test_add_by_path check_PROGRAMS += test_get_path test_fstree_sort test_fstree_from_file -check_PROGRAMS += test_fstree_init test_tar_ustar test_tar_pax test_tar_gnu +check_PROGRAMS += test_fstree_init test_filename_sane test_filename_sane_w32 +check_PROGRAMS += test_tar_ustar test_tar_pax test_tar_gnu check_PROGRAMS += test_tar_sparse_gnu test_tar_sparse_gnu1 test_tar_sparse_gnu2 check_PROGRAMS += test_tar_xattr_bsd test_tar_xattr_schily check_PROGRAMS += test_tar_xattr_schily_bin @@ -108,7 +115,8 @@ noinst_PROGRAMS += fstree_fuzz tar_fuzz TESTS += test_mknode_simple test_mknode_slink TESTS += test_mknode_reg test_mknode_dir test_gen_inode_numbers TESTS += test_add_by_path test_get_path test_fstree_sort test_fstree_from_file -TESTS += test_fstree_init test_tar_ustar test_tar_pax +TESTS += test_fstree_init test_filename_sane test_filename_sane_w32 +TESTS += test_tar_ustar test_tar_pax TESTS += test_tar_gnu test_tar_sparse_gnu test_tar_sparse_gnu1 TESTS += test_tar_sparse_gnu2 test_tar_xattr_bsd test_tar_xattr_schily TESTS += test_tar_xattr_schily_bin tests/cantrbry.sh tests/test_tar_sqfs.sh diff --git a/tests/filename_sane.c b/tests/filename_sane.c new file mode 100644 index 0000000..4d75326 --- /dev/null +++ b/tests/filename_sane.c @@ -0,0 +1,67 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +/* + * filename_sane.c + * + * Copyright (C) 2019 David Oberhollenzer + */ +#include "config.h" +#include "fstree.h" + +#include +#include +#include +#include + +static const char *must_work[] = { + "foobar", + "test.txt", + NULL, +}; + +static const char *must_not_work[] = { + ".", + "..", + "/foo", + "\\foo", + "foo/", + "foo\\", + "foo/bar", + "foo\\bar", + NULL, +}; + +static const char *must_not_work_here[] = { +#if defined(_WIN32) || defined(__WINDOWS__) + "foo", "fo:o", "fo\"o", + "fo|o", "fo?o", "fo*o", "fo\ro", + "CON", "PRN", "AUX", "NUL", + "COM1", "COM2", "LPT1", "LPT2", + "con", "prn", "aux", "nul", + "com1", "com2", "lpt1", "lpt2", + "foo.AUX", "foo.NUL", "foo.aux", "foo.nul", + "NUL.txt", "nul.txt" +#endif + NULL, +}; + +int main(void) +{ + size_t i; + + for (i = 0; must_work[i] != NULL; ++i) { + assert(is_filename_sane(must_work[i], false)); + assert(is_filename_sane(must_work[i], true)); + } + + for (i = 0; must_not_work[i] != NULL; ++i) { + assert(!is_filename_sane(must_not_work[i], false)); + assert(!is_filename_sane(must_not_work[i], true)); + } + + for (i = 0; must_not_work_here[i] != NULL; ++i) { + assert( is_filename_sane(must_not_work_here[i], false)); + assert(!is_filename_sane(must_not_work_here[i], true)); + } + + return EXIT_SUCCESS; +} -- cgit v1.2.3