projects / project / uci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: a4c7003)
some more input validation
authorFelix Fietkau <nbd@openwrt.org>
Wed, 30 Jul 2008 19:37:24 +0000 (21:37 +0200)
committerFelix Fietkau <nbd@openwrt.org>
Wed, 30 Jul 2008 19:53:30 +0000 (21:53 +0200)
file.c patch | blob | history
util.c patch | blob | history

diff --git a/file.c b/file.c
index c513c87..19c6b07 100644 (file)
--- a/file.c
+++ b/file.c
@@ -481,6 +481,9 @@ static char **uci_list_config_files(struct uci_context *ctx)
                if (!p)
                        continue;
 
                if (!p)
                        continue;
 
+               if (!uci_validate_name(p))
+                       continue;
+
                configs[i] = buf;
                strcpy(buf, p);
                buf += strlen(buf) + 1;
                configs[i] = buf;
                strcpy(buf, p);
                buf += strlen(buf) + 1;
diff --git a/util.c b/util.c
index 8542359..3358cdf 100644 (file)
--- a/util.c
+++ b/util.c
@@ -101,6 +101,16 @@ static inline bool uci_validate_name(const char *str)
        return uci_validate_str(str, true);
 }
 
        return uci_validate_str(str, true);
 }
 
+static inline bool uci_validate_text(const char *str)
+{
+       while (*str) {
+               if ((*str == '\r') || (*str == '\n') ||
+                       ((*str < 32) && (*str != '\t')))
+                       return false;
+       }
+       return true;
+}
+
 static void uci_alloc_parse_context(struct uci_context *ctx)
 {
        ctx->pctx = (struct uci_parse_context *) uci_malloc(ctx, sizeof(struct uci_parse_context));
 static void uci_alloc_parse_context(struct uci_context *ctx)
 {
        ctx->pctx = (struct uci_parse_context *) uci_malloc(ctx, sizeof(struct uci_parse_context));
@@ -124,6 +134,8 @@ int uci_parse_tuple(struct uci_context *ctx, char *str, char **package, char **s
                goto error;
 
        *section = strsep(&str, ".");
                goto error;
 
        *section = strsep(&str, ".");
+       *option = NULL;
+       *value = NULL;
        if (!*section)
                goto lastval;
 
        if (!*section)
                goto lastval;
 
@@ -145,6 +157,8 @@ lastval:
                goto error;
        if (*option && !uci_validate_name(*option))
                goto error;
                goto error;
        if (*option && !uci_validate_name(*option))
                goto error;
+       if (*value && !uci_validate_text(*value))
+               goto error;
 
        goto done;
 
 
        goto done;
 
OpenWrt Unified Configuration Interface