Commit e2ced9f0 authored by Frediano Ziglio's avatar Frediano Ziglio
Browse files

Avoid to use names with reserved characters.

Some characters are reserved and should not be used in Windows
independently by the file system used.
This avoid to use paths in the filename which could lead to some
nasty hacks (like names like "..\hack.txt").
The return statement cause the file transfer to be aborted with

":" is used to separate filenames from stream names and can be used
to create hidden streams. Also is used for drive separator (A:)
or device names (NUL:).
"/" and "\" are reserved for components (directory, filename, drive,
share, server) separators.
"*" and "?" are wildcards (which on Windows are supported by
different APIs too).
"<", ">", """ and "|" are reserved for shell usage.

More information on "Naming Files, Paths, and Namespaces" page at

This fixes also

Signed-off-by: Frediano Ziglio's avatarFrediano Ziglio <>
Acked-by: Christophe Fergeau's avatarChristophe Fergeau <>
parent 2aa6f16a
......@@ -33,6 +33,12 @@
#include "file_xfer.h"
#include "as_user.h"
":" /* streams and devices */ \
"/\\" /* components separator */ \
"?*" /* wildcards */ \
"<>\"|" /* reserved to shell */
void FileXfer::reset()
FileXferTasks::iterator iter;
......@@ -72,6 +78,10 @@ void FileXfer::handle_start(VDAgentFileXferStartMessage* start,
vd_printf("%u %s (%" PRIu64 ")", start->id, file_name, file_size);
if (strcspn(file_name, FILENAME_RESERVED_CHAR_LIST) != strlen(file_name)) {
vd_printf("filename contains invalid characters");
if (!as_user.begin()) {
vd_printf("as_user failed");
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment