From 80b77808f373ac8ad906a73d64168e62b2c3c08c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 24 Apr 2026 10:22:33 +0000
Subject: [PATCH] Fix OS command injection in fix_filename() - use allowlist for safe chars
Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/a9e10199-b353-440a-ba26-279f0d0e42bf
Co-authored-by: welcor <357770+welcor@users.noreply.github.com>
---
 src/genolc.c | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/src/genolc.c b/src/genolc.c
index c61622d..51ef422 100644
--- a/src/genolc.c
+++ b/src/genolc.c
@@ -277,7 +277,10 @@ int sprintascii(char *out, bitvector_t bits)
 return j;
 }
-/* converts illegal filename chars into appropriate equivalents */
+/* converts illegal filename chars into appropriate equivalents.
+ * Uses an allowlist: alphanumerics, underscore, hyphen, and dot are kept;
+ * spaces are converted to underscores; all other characters (including shell
+ * metacharacters such as ; | & ` $ > < \n) are silently dropped. */
 static void fix_filename(const char *str, char *outbuf, size_t maxlen)
 {
 const char *in = str;
@@ -285,21 +288,17 @@ static void fix_filename(const char *str, char *outbuf, size_t maxlen)
 int count = 0;
 while (*in) {
- switch(*in) {
- case ' ': *out = '_'; out++; break;
- case '(': *out = '{'; out++; break;
- case ')': *out = '}'; out++; break;
-
- /* skip the following */
- case '\'': break;
- case '"': break;
-
- /* Legal character */
- default: *out = *in; out++;break;
- }
+ if (isalnum((unsigned char)*in) || *in == '_' || *in == '-' || *in == '.') {
+ /* Safe characters kept as-is */
+ *out++ = *in;
+ if (++count == maxlen - 1) break;
+ } else if (*in == ' ') {
+ /* Spaces become underscores */
+ *out++ = '_';
+ if (++count == maxlen - 1) break;
+ }
+ /* All other characters, including shell metacharacters, are dropped */
 in++;
- count++;
- if (count == maxlen - 1) break;
 }
 *out = '\0';
 }
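Review bot: The new comment on fix_filename() lists what is kept but not what a caller can still receive. Because `-` and `.` are accepted in any position and every other byte is dropped, the result may be empty, may begin with `-`, or may be exactly `.` or `..`, and it is cut at `maxlen - 1` bytes. None of those is a shell metacharacter, but a consumer that places the name on a command line or joins it to a directory needs to know; how the result is used is not visible in this patch. I would close the comment with a line such as `* The result may be empty, may start with '-' or '.', and is truncated to maxlen - 1 bytes; callers must handle those cases.`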
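Review bot: The bound in the rewritten loop is tested only after a byte has been stored, so `++count == maxlen - 1` can never be true when `maxlen` is 1, and when `maxlen` is 0 the subtraction wraps and the final `*out = '\0'` still writes; in both cases the copy runs past `outbuf`. The removed code had the same shape, so this is inherited rather than introduced, but a sanitiser that exists because its input is untrusted should check for room before it writes. I would make `count` a `size_t`, return early when `maxlen` is 0, and put the limit in the loop condition, as sketched below. The callers and the opening lines of fix_filename() are outside this hunk, so whether such a small `maxlen` is reachable today cannot be confirmed from here.

```c
static void fix_filename(const char *str, char *outbuf, size_t maxlen)
{
  /* … unchanged: in/out pointer declarations … */
  size_t count = 0;

  /* No room even for the terminator: leave outbuf untouched. */
  if (maxlen == 0)
    return;

  /* Always keep one byte free for the trailing '\0'. */
  while (*in && count < maxlen - 1) {
    if (isalnum((unsigned char)*in) || *in == '_' || *in == '-' || *in == '.') {
      *out++ = *in;
      count++;
    } else if (*in == ' ') {
      *out++ = '_';
      count++;
    }
    /* … unchanged: every other character is dropped … */
    in++;
  }
  *out = '\0';
}
```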