Fix OS command injection in fix_filename() - use allowlist for safe chars

Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/a9e10199-b353-440a-ba26-279f0d0e42bf

Co-authored-by: welcor <357770+welcor@users.noreply.github.com>

src/genolc.c

@@ -277,7 +277,10 @@ int sprintascii(char *out, bitvector_t bits)
   return j;
 }
 
-/* converts illegal filename chars into appropriate equivalents */ 
+/* converts illegal filename chars into appropriate equivalents.
+ * Uses an allowlist: alphanumerics, underscore, hyphen, and dot are kept;
+ * spaces are converted to underscores; all other characters (including shell
+ * metacharacters such as ; | & ` $ > < \n) are silently dropped. */ 
 static void fix_filename(const char *str, char *outbuf, size_t maxlen)
 { 
   const char *in = str;
@@ -285,21 +288,17 @@ static void fix_filename(const char *str, char *outbuf, size_t maxlen)
   int count = 0;
 
   while (*in) {
-    switch(*in) {
+    if (isalnum((unsigned char)*in) || *in == '_' || *in == '-' || *in == '.') {
-      case ' ': *out = '_'; out++; break;
+      /* Safe characters kept as-is */
-      case '(': *out = '{'; out++; break;
+      *out++ = *in;
-      case ')': *out = '}'; out++; break;
+      if (++count == maxlen - 1) break;
- 
+    } else if (*in == ' ') {
-      /* skip the following */ 
+      /* Spaces become underscores */
-      case '\'':             break; 
+      *out++ = '_';
-      case '"':              break; 
+      if (++count == maxlen - 1) break;
- 
+    }
-      /* Legal character */ 
+    /* All other characters, including shell metacharacters, are dropped */
-      default: *out = *in;  out++;break;
-    } 
     in++;
-    count++;
-    if (count == maxlen - 1) break;
   }
   *out = '\0';
 }