From e828bcf07c0602746dffcc9927c446d1fe4c3ad9 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Mon, 4 Feb 2008 22:56:03 +0100
Subject: [PATCH] improve validation, accept more characters in the section
 type

---
 file.c    |  4 +++-
 history.c |  2 +-
 list.c    |  4 ++--
 util.c    | 19 ++++++++++++++++---
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/file.c b/file.c
index 8595972..c0141ac 100644
--- a/file.c
+++ b/file.c
@@ -342,7 +342,9 @@ static void uci_parse_config(struct uci_context *ctx, char **str)
 	/* command string null-terminated by strtok */
 	*str += strlen(*str) + 1;
 
-	type = next_arg(ctx, str, true, true);
+	type = next_arg(ctx, str, true, false);
+	if (!uci_validate_str(type, false))
+		uci_parse_error(ctx, type, "invalid character in field");
 	name = next_arg(ctx, str, false, true);
 	assert_eol(ctx, str);
 
diff --git a/history.c b/history.c
index 202d787..7ac8050 100644
--- a/history.c
+++ b/history.c
@@ -82,7 +82,7 @@ static void uci_parse_history_line(struct uci_context *ctx, struct uci_package *
 		goto error;
 	if (option && !uci_validate_name(option))
 		goto error;
-	if ((rename || (!option && !delete)) && !uci_validate_name(value))
+	if (rename && !uci_validate_str(value, (option || delete)))
 		goto error;
 
 	if (rename)
diff --git a/list.c b/list.c
index a0d50d1..24382c8 100644
--- a/list.c
+++ b/list.c
@@ -339,7 +339,7 @@ int uci_set_element_value(struct uci_context *ctx, struct uci_element **element,
 	list = e->list.prev;
 	switch(e->type) {
 	case UCI_TYPE_SECTION:
-		UCI_ASSERT(ctx, uci_validate_name(value));
+		UCI_ASSERT(ctx, uci_validate_str(value, false));
 		size = sizeof(struct uci_section);
 		s = uci_to_section(e);
 		section = e->name;
@@ -433,7 +433,7 @@ int uci_set(struct uci_context *ctx, struct uci_package *p, char *section, char
 		UCI_ASSERT(ctx, uci_validate_name(option));
 		UCI_ASSERT(ctx, value != NULL);
 	} else {
-		UCI_ASSERT(ctx, uci_validate_name(value));
+		UCI_ASSERT(ctx, uci_validate_str(value, false));
 	}
 
 	/*
diff --git a/util.c b/util.c
index bcf65aa..78b22cf 100644
--- a/util.c
+++ b/util.c
@@ -59,19 +59,32 @@ static char *uci_strdup(struct uci_context *ctx, const char *str)
 	return ptr;
 }
 
-static bool uci_validate_name(const char *str)
+/*
+ * validate strings for names and types, reject special characters
+ * for names, only alphanum and _ is allowed (shell compatibility)
+ * for types, we allow more characters
+ */
+static bool uci_validate_str(const char *str, bool name)
 {
 	if (!*str)
 		return false;
 
 	while (*str) {
-		if (!isalnum(*str) && (*str != '_'))
-			return false;
+		char c = *str;
+		if (!isalnum(c) && c != '_') {
+			if (name || (c < 33) || (c > 126))
+				return false;
+		}
 		str++;
 	}
 	return true;
 }
 
+static inline bool uci_validate_name(const char *str)
+{
+	return uci_validate_str(str, true);
+}
+
 static void uci_alloc_parse_context(struct uci_context *ctx)
 {
 	ctx->pctx = (struct uci_parse_context *) uci_malloc(ctx, sizeof(struct uci_parse_context));
-- 
2.11.0