Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/pr/108'
Browse files Browse the repository at this point in the history
* origin/pr/108:
  qrexec-lib/pack: sanitize straight quotes in remote filenames
  qrexec-lib/pack: don't use curly quotes in error messages
  • Loading branch information
marmarek committed Dec 4, 2023
2 parents 42e9860 + 13a0ede commit 6a1a245
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions qrexec-lib/pack.c
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,9 @@ void notify_end_and_wait_for_result(void)
static void sanitize_remote_filename(char *untrusted_filename)
{
for (; *untrusted_filename; ++untrusted_filename) {
if (*untrusted_filename < ' ' || *untrusted_filename > '~')
if (*untrusted_filename < ' ' ||
*untrusted_filename > '~' ||
*untrusted_filename == '"')
*untrusted_filename = '_';
}
}
Expand Down Expand Up @@ -100,10 +102,10 @@ void wait_for_result(void)
if (hdr.error_code != 0) {
switch (hdr.error_code) {
case EEXIST:
call_error_handler("A file named “%s” already exists in QubesIncoming dir", last_filename);
call_error_handler("A file named \"%s\" already exists in QubesIncoming dir", last_filename);
break;
case EINVAL:
call_error_handler("File copy: Corrupted data from packer%s“%s”", last_filename_prefix, last_filename);
call_error_handler("File copy: Corrupted data from packer%s\"%s\"", last_filename_prefix, last_filename);
break;
case EDQUOT:
if (ignore_quota_error) {
Expand All @@ -113,7 +115,7 @@ void wait_for_result(void)
}
/* fallthrough */
default:
call_error_handler("File copy: %s%s%s",
call_error_handler("File copy: \"%s%s%s\"",
strerror(hdr.error_code), last_filename_prefix, last_filename);
}
}
Expand Down

0 comments on commit 6a1a245

Please sign in to comment.