Merge remote-tracking branch 'origin/pr/108'

marmarek · marmarek · commit 6a1a2451e8c8 · 2023-12-04T02:45:46.000+01:00
* origin/pr/108:
  qrexec-lib/pack: sanitize straight quotes in remote filenames
  qrexec-lib/pack: don't use curly quotes in error messages
diff --git a/qrexec-lib/pack.c b/qrexec-lib/pack.c
@@ -55,7 +55,9 @@ void notify_end_and_wait_for_result(void)
 static void sanitize_remote_filename(char *untrusted_filename)
 {
     for (; *untrusted_filename; ++untrusted_filename) {
-        if (*untrusted_filename < ' ' || *untrusted_filename > '~')
+        if (*untrusted_filename < ' ' ||
+            *untrusted_filename > '~' ||
+            *untrusted_filename == '"')
             *untrusted_filename = '_';
     }
 }
@@ -100,10 +102,10 @@ void wait_for_result(void)
     if (hdr.error_code != 0) {
         switch (hdr.error_code) {
             case EEXIST:
-                call_error_handler("A file named “%s” already exists in QubesIncoming dir", last_filename);
+                call_error_handler("A file named \"%s\" already exists in QubesIncoming dir", last_filename);
                 break;
             case EINVAL:
-                call_error_handler("File copy: Corrupted data from packer%s“%s”", last_filename_prefix, last_filename);
+                call_error_handler("File copy: Corrupted data from packer%s\"%s\"", last_filename_prefix, last_filename);
                 break;
             case EDQUOT:
                 if (ignore_quota_error) {
@@ -113,7 +115,7 @@ void wait_for_result(void)
                 }
 		/* fallthrough */
             default:
-                call_error_handler("File copy: “%s%s%s”",
+                call_error_handler("File copy: \"%s%s%s\"",
                         strerror(hdr.error_code), last_filename_prefix, last_filename);
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,9 @@ void notify_end_and_wait_for_result(void)`
`55`	`55`	`static void sanitize_remote_filename(char *untrusted_filename)`
`56`	`56`	`{`
`57`	`57`	`for (; *untrusted_filename; ++untrusted_filename) {`
`58`		`- if (untrusted_filename < ' ' \|\| untrusted_filename > '~')`
	`58`	`+ if (*untrusted_filename < ' ' \|\|`
	`59`	`+ *untrusted_filename > '~' \|\|`
	`60`	`+ *untrusted_filename == '"')`
`59`	`61`	`*untrusted_filename = '_';`
`60`	`62`	`}`
`61`	`63`	`}`
`@@ -100,10 +102,10 @@ void wait_for_result(void)`
`100`	`102`	`if (hdr.error_code != 0) {`
`101`	`103`	`switch (hdr.error_code) {`
`102`	`104`	`case EEXIST:`
`103`		`- call_error_handler("A file named “%s” already exists in QubesIncoming dir", last_filename);`
	`105`	`+ call_error_handler("A file named \"%s\" already exists in QubesIncoming dir", last_filename);`
`104`	`106`	`break;`
`105`	`107`	`case EINVAL:`
`106`		`- call_error_handler("File copy: Corrupted data from packer%s“%s”", last_filename_prefix, last_filename);`
	`108`	`+ call_error_handler("File copy: Corrupted data from packer%s\"%s\"", last_filename_prefix, last_filename);`
`107`	`109`	`break;`
`108`	`110`	`case EDQUOT:`
`109`	`111`	`if (ignore_quota_error) {`
`@@ -113,7 +115,7 @@ void wait_for_result(void)`
`113`	`115`	`}`
`114`	`116`	`/* fallthrough */`
`115`	`117`	`default:`
`116`		`- call_error_handler("File copy: “%s%s%s”",`
	`118`	`+ call_error_handler("File copy: \"%s%s%s\"",`
`117`	`119`	`strerror(hdr.error_code), last_filename_prefix, last_filename);`
`118`	`120`	`}`
`119`	`121`	`}`