some more input validation
author
Felix Fietkau
<nbd@openwrt.org>
Wed, 30 Jul 2008 19:37:24 +0000
(21:37 +0200)
committer
Felix Fietkau
<nbd@openwrt.org>
Wed, 30 Jul 2008 19:53:30 +0000
(21:53 +0200)
file.c
util.c
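--- a/file.c
+++ b/file.c
@@ -481,6 +481,9 @@ static char **uci_list_config_files(struct uci_context *ctx)
 if (!p)
 continue;
+ if (!uci_validate_name(p))
+ continue;
+
 configs[i] = buf;
 strcpy(buf, p);
 buf += strlen(buf) + 1;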
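Review bot: Skipping an entry with `continue` after the new `uci_validate_name(p)` check leaves `configs[i]` unassigned if `i` is the index over the directory entries (the loop header is outside this hunk), so a caller that walks the array until NULL could stop at the first rejected file name and miss valid configs after it. The existing `if (!p)` skip would have the same effect; if that is how the loop is written, accepted names should be stored through a separate output index. The `strcpy(buf, p)` that follows relies on `buf` having been sized for every name, which also cannot be confirmed from the hunk. A comment such as `/* skip files whose names are not valid package names */` above the check would document why entries are dropped.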
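--- a/util.c
+++ b/util.c
@@ -101,6 +101,16 @@ static inline bool uci_validate_name(const char *str)
 return uci_validate_str(str, true);
 }
+static inline bool uci_validate_text(const char *str)
+{
+ while (*str) {
+ if ((*str == '\r') || (*str == '\n') ||
+ ((*str < 32) && (*str != '\t')))
+ return false;
+ }
+ return true;
+}
+
 static void uci_alloc_parse_context(struct uci_context *ctx)
 {
 ctx->pctx = (struct uci_parse_context *) uci_malloc(ctx, sizeof(struct uci_parse_context));
@@ -124,6 +134,8 @@ int uci_parse_tuple(struct uci_context *ctx, char *str, char **package, char **s
 goto error;
 *section = strsep(&str, ".");
+ *option = NULL;
+ *value = NULL;
 if (!*section)
 goto lastval;
@@ -145,6 +157,8 @@ lastval:
 goto error;
 if (*option && !uci_validate_name(*option))
 goto error;
+ if (*value && !uci_validate_text(*value))
+ goto error;
 goto done;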
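Review bot: The loop in the added `uci_validate_text` (first util.c hunk) never advances `str`, so any non-empty value whose first byte passes the checks spins forever instead of returning true; add `str++;` as the last statement of the `while` body. The new call in the `lastval:` hunk makes `uci_parse_tuple` reach this loop for every tuple that carries a value, so a single ordinary value is enough to hang the parser. The comparison `*str < 32` is also done on plain `char`, which is signed on many targets, so bytes of 0x80 and above compare as negative and are rejected; if non-ASCII text is meant to be accepted, compare on `(unsigned char)*str`. The explicit `'\r'` and `'\n'` tests are already covered by the `< 32` test, so a short comment stating the intended character set would make the rule clearer.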