| side by side (parent:
eadddde
)
more input validation
author
Felix Fietkau
<nbd@openwrt.org>
Tue, 29 Jan 2008 18:00:21 +0000
(19:00 +0100)
committer
Felix Fietkau
<nbd@openwrt.org>
Tue, 29 Jan 2008 18:00:21 +0000
(19:00 +0100)
file.c
util.c
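diff --git a/file.c b/file.c
index a78c5a7..e6722b2 100644
--- a/file.c
+++ b/file.c
@@ -238,7 +238,7 @@ done:
 /*
  * extract the next argument from the command line
  */
-static char *next_arg(struct uci_context *ctx, char **str, bool required)
+static char *next_arg(struct uci_context *ctx, char **str, bool required, bool name)
 {
 char *val;
 char *ptr;
@@ -248,6 +248,8 @@ static char *next_arg(struct uci_context *ctx, char **str, bool required)
 parse_str(ctx, str, &ptr);
 if (required && !*val)
 uci_parse_error(ctx, *str, "insufficient arguments");
+ if (name && !uci_validate_name(val))
+ uci_parse_error(ctx, val, "invalid character in field");
 return val;
 }
@@ -260,7 +262,7 @@ static void assert_eol(struct uci_context *ctx, char **str)
 {
 char *tmp;
- tmp = next_arg(ctx, str, false);
+ tmp = next_arg(ctx, str, false, false);
 if (tmp && *tmp)
 uci_parse_error(ctx, *str, "too many arguments");
 }
@@ -309,7 +311,7 @@ static void uci_parse_package(struct uci_context *ctx, char **str, bool single)
 /* command string null-terminated by strtok */
 *str += strlen(*str) + 1;
- name = next_arg(ctx, str, true);
+ name = next_arg(ctx, str, true, true);
 assert_eol(ctx, str);
 if (single)
 return;
@@ -336,8 +338,8 @@ static void uci_parse_config(struct uci_context *ctx, char **str)
 /* command string null-terminated by strtok */
 *str += strlen(*str) + 1;
- type = next_arg(ctx, str, true);
- name = next_arg(ctx, str, false);
+ type = next_arg(ctx, str, true, true);
+ name = next_arg(ctx, str, false, true);
 assert_eol(ctx, str);
 ctx->pctx->section = uci_alloc_section(ctx->pctx->package, type, name);
 }
@@ -356,8 +358,8 @@ static void uci_parse_option(struct uci_context *ctx, char **str)
 /* command string null-terminated by strtok */
 *str += strlen(*str) + 1;
- name = next_arg(ctx, str, true);
- value = next_arg(ctx, str, true);
+ name = next_arg(ctx, str, true, true);
+ value = next_arg(ctx, str, true, false);
 assert_eol(ctx, str);
 uci_alloc_option(ctx->pctx->section, name, value);
 }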
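Review bot: The new check in next_arg, `if (name && !uci_validate_name(val))`, also runs when an optional argument is absent: uci_parse_config calls `next_arg(ctx, str, false, true)` for the section name, and the util.c context in this commit shows uci_validate_name returning false for an empty string. Unless code outside the hunk already handles that case, a `config` line without a name would now fail with "invalid character in field", a message that also misdescribes the problem. Skipping validation for an empty value keeps the optional case working: `if (name && *val && !uci_validate_name(val))`. The new uci_parse_error call passes `val` where the neighbouring call passes `*str`, so it is worth confirming which pointer the error reporting expects. next_arg's body begins outside the hunk.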
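diff --git a/util.c b/util.c
index 85e87ab..ddb1331 100644
--- a/util.c
+++ b/util.c
@@ -51,7 +51,7 @@ static char *uci_strdup(struct uci_context *ctx, const char *str)
 return ptr;
 }
-static bool validate_name(char *str)
+static bool uci_validate_name(char *str)
 {
 if (!*str)
 return false;
@@ -72,7 +72,7 @@ int uci_parse_tuple(struct uci_context *ctx, char *str, char **package, char **s
 UCI_ASSERT(ctx, str && package && section && option);
 *package = strtok(str, ".");
- if (!*package || !validate_name(*package))
+ if (!*package || !uci_validate_name(*package))
 goto error;
 last = *package;
@@ -99,9 +99,9 @@ lastval:
 goto error;
 }
- if (*section && !validate_name(*section))
+ if (*section && !uci_validate_name(*section))
 goto error;
- if (*option && !validate_name(*option))
+ if (*option && !uci_validate_name(*option))
 goto error;
 goto done;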