[iso] sanitize invalid FAT & NFTS filenames

* Also fix support for labels containing double quotes * Closes #135 * Closes #193
pbatard · Oct 26, 2013 · 5354d2f · 5354d2f
1 parent df44b26
commit 5354d2f
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 8 deletions.
diff --git a/src/format.c b/src/format.c
@@ -206,7 +206,7 @@ static void ToValidLabel(WCHAR* name, BOOL bFAT)
 {
 	size_t i, j, k;
 	BOOL found;
-	WCHAR unauthorized[] = L"*?,;:/\\|+=<>[]";
+	WCHAR unauthorized[] = L"*?,;:/\\|+=<>[]\"";
 	WCHAR to_underscore[] = L"\t.";
 
 	if (name == NULL)

diff --git a/src/iso.c b/src/iso.c
@@ -91,6 +91,25 @@ static __inline char* size_to_hr(int64_t size)
 	return str_size;
 }
 
+// Ensure filenames do not contain invalid FAT32 or NTFS characters
+static __inline BOOL sanitize_filename(char* filename)
+{
+	size_t i, j;
+	BOOL ret = FALSE;
+	char unauthorized[] = {'<', '>', ':', '|', '*', '?'};
+
+	// Must start after the drive part (D:\...) so that we don't eliminate the first column
+	for (i=2; i<safe_strlen(filename); i++) {
+		for (j=0; j<sizeof(unauthorized); j++) {
+			if (filename[i] == unauthorized[j]) {
+				filename[i] = '_';
+				ret = TRUE;
+			}
+		}
+	}
+	return ret;
+}
+
 static void log_handler (cdio_log_level_t level, const char *message)
 {
 	switch(level) {
@@ -222,7 +241,8 @@ static int udf_extract_files(udf_t *p_udf, udf_dirent_t *p_udf_dirent, const cha
 			}
 			// Replace slashes with backslashes and append the size to the path for UI display
 			nul_pos = safe_strlen(psz_fullpath);
-			for (i=0; i<nul_pos; i++) if (psz_fullpath[i] == '/') psz_fullpath[i] = '\\';
+			for (i=0; i<nul_pos; i++)
+				if (psz_fullpath[i] == '/') psz_fullpath[i] = '\\';
 			safe_strcpy(&psz_fullpath[nul_pos], 24, size_to_hr(i_file_length));
 			uprintf("Extracting: %s\n", psz_fullpath);
 			SetWindowTextU(hISOFileName, psz_fullpath);
@@ -239,6 +259,8 @@ static int udf_extract_files(udf_t *p_udf, udf_dirent_t *p_udf_dirent, const cha
 			}
 			if (i < NB_OLD_C32)
 				continue;
+			if (sanitize_filename(psz_fullpath))
+				uprintf("  File name sanitized to '%s'\n", psz_fullpath);
 			file_handle = CreateFileU(psz_fullpath, GENERIC_READ | GENERIC_WRITE,
 				FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 			if (file_handle == INVALID_HANDLE_VALUE) {
@@ -347,7 +369,8 @@ static int iso_extract_files(iso9660_t* p_iso, const char *psz_path)
 			}
 			// Replace slashes with backslashes and append the size to the path for UI display
 			nul_pos = safe_strlen(psz_fullpath);
-			for (i=0; i<nul_pos; i++) if (psz_fullpath[i] == '/') psz_fullpath[i] = '\\';
+			for (i=0; i<nul_pos; i++)
+				if (psz_fullpath[i] == '/') psz_fullpath[i] = '\\';
 			safe_strcpy(&psz_fullpath[nul_pos], 24, size_to_hr(i_file_length));
 			uprintf("Extracting: %s\n", psz_fullpath);
 			SetWindowTextU(hISOFileName, psz_fullpath);
@@ -365,6 +388,8 @@ static int iso_extract_files(iso9660_t* p_iso, const char *psz_path)
 			}
 			if (i < NB_OLD_C32)
 				continue;
+			if (sanitize_filename(psz_fullpath))
+				uprintf("  File name sanitized to '%s'\n", psz_fullpath);
 			file_handle = CreateFileU(psz_fullpath, GENERIC_READ | GENERIC_WRITE,
 				FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 			if (file_handle == INVALID_HANDLE_VALUE) {

diff --git a/src/rufus.rc b/src/rufus.rc
@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 206, 329
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_APPWINDOW
-CAPTION "Rufus v1.4.0.294"
+CAPTION "Rufus v1.4.0.295"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN
     DEFPUSHBUTTON   "Start",IDC_START,94,291,50,14
@@ -285,8 +285,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,4,0,294
- PRODUCTVERSION 1,4,0,294
+ FILEVERSION 1,4,0,295
+ PRODUCTVERSION 1,4,0,295
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -303,13 +303,13 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "1.4.0.294"
+            VALUE "FileVersion", "1.4.0.295"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "� 2011-2013 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
             VALUE "OriginalFilename", "rufus.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "1.4.0.294"
+            VALUE "ProductVersion", "1.4.0.295"
         END
     END
     BLOCK "VarFileInfo"