better input validation

diff --git a/file.c b/file.c
index a3d08d2..7188a90 100644 (file)
--- a/file.c
+++ b/file.c
@@ -576,8 +576,10 @@ int uci_import(struct uci_context *ctx, FILE *stream, const char *name, struct u
         * the appropriate 'package <name>' string to specify the config name
         * NB: the config file can still override the package name
         */
-       if (name)
+       if (name) {
+               UCI_ASSERT(ctx, uci_validate_name(name));
                pctx->name = name;
+       }
 
        while (!feof(pctx->file)) {
                uci_getln(ctx, 0);
@@ -682,14 +684,14 @@ static void uci_parse_history_line(struct uci_context *ctx, struct uci_package *
        }
 
        UCI_INTERNAL(uci_parse_tuple, ctx, buf, &package, &section, &option, &value);
-       if (!package || !section || (!delete && !value))
-               goto error;
-       if (strcmp(package, p->e.name) != 0)
+       if (!package || (strcmp(package, p->e.name) != 0))
                goto error;
        if (!uci_validate_name(section))
                goto error;
        if (option && !uci_validate_name(option))
                goto error;
+       if ((rename || !delete) && !uci_validate_name(value))
+               goto error;
 
        if (rename)
                UCI_INTERNAL(uci_rename, ctx, p, section, option, value);
@@ -741,6 +743,7 @@ static void uci_load_history(struct uci_context *ctx, struct uci_package *p, boo
 
        if (!p->confdir)
                return;
+
        if ((asprintf(&filename, "%s/%s", UCI_SAVEDIR, p->e.name) < 0) || !filename)
                UCI_THROW(ctx, UCI_ERR_MEM);
 
@@ -766,8 +769,7 @@ static char *uci_config_path(struct uci_context *ctx, const char *name)
 {
        char *filename;
 
-       if (strchr(name, '/'))
-               UCI_THROW(ctx, UCI_ERR_INVAL);
+       UCI_ASSERT(ctx, uci_validate_name(name));
        filename = uci_malloc(ctx, strlen(name) + sizeof(UCI_CONFDIR) + 2);
        sprintf(filename, UCI_CONFDIR "/%s", name);
 
@@ -796,7 +798,6 @@ int uci_load(struct uci_context *ctx, const char *name, struct uci_package **pac
                break;
        default:
                /* config in /etc/config */
-               UCI_ASSERT(ctx, uci_validate_name(name));
                filename = uci_config_path(ctx, name);
                confdir = true;
                break;

diff --git a/list.c b/list.c
index 66e83ec..3fc6076 100644 (file)
--- a/list.c
+++ b/list.c
@@ -241,7 +241,9 @@ int uci_lookup(struct uci_context *ctx, struct uci_element **res, struct uci_pac
        UCI_HANDLE_ERR(ctx);
        UCI_ASSERT(ctx, res != NULL);
        UCI_ASSERT(ctx, p != NULL);
-       UCI_ASSERT(ctx, section != NULL);
+       UCI_ASSERT(ctx, uci_validate_name(section));
+       if (option)
+               UCI_ASSERT(ctx, uci_validate_name(option));
 
        e = uci_lookup_list(ctx, &p->sections, section);
        if (!e)
@@ -322,9 +324,7 @@ int uci_set_element_value(struct uci_context *ctx, struct uci_element **element,
        int size;
 
        UCI_HANDLE_ERR(ctx);
-       UCI_ASSERT(ctx, value != NULL);
-       UCI_ASSERT(ctx, element != NULL);
-       UCI_ASSERT(ctx, *element != NULL);
+       UCI_ASSERT(ctx, (element != NULL) && (*element != NULL));
 
        /* what the 'value' of an element means depends on the type
         * for a section, the 'value' means its type
@@ -339,12 +339,14 @@ int uci_set_element_value(struct uci_context *ctx, struct uci_element **element,
        list = e->list.prev;
        switch(e->type) {
        case UCI_TYPE_SECTION:
+               UCI_ASSERT(ctx, uci_validate_name(value));
                size = sizeof(struct uci_section);
                s = uci_to_section(e);
                section = e->name;
                option = NULL;
                break;
        case UCI_TYPE_OPTION:
+               UCI_ASSERT(ctx, value != NULL);
                size = sizeof(struct uci_option);
                s = uci_to_option(e)->section;
                section = s->e.name;
@@ -385,9 +387,8 @@ int uci_rename(struct uci_context *ctx, struct uci_package *p, char *section, ch
        struct uci_element *e;
 
        UCI_HANDLE_ERR(ctx);
-       UCI_ASSERT(ctx, p != NULL);
-       UCI_ASSERT(ctx, section != NULL);
 
+       /* NB: p, section, option validated by uci_lookup */
        UCI_INTERNAL(uci_lookup, ctx, &e, p, section, option);
 
        if (!internal)
@@ -409,9 +410,8 @@ int uci_delete(struct uci_context *ctx, struct uci_package *p, char *section, ch
        struct uci_element *e;
 
        UCI_HANDLE_ERR(ctx);
-       UCI_ASSERT(ctx, p != NULL);
-       UCI_ASSERT(ctx, section != NULL);
 
+       /* NB: p, section, option validated by uci_lookup */
        UCI_INTERNAL(uci_lookup, ctx, &e, p, section, option);
 
        if (!internal)
@@ -431,8 +431,13 @@ int uci_set(struct uci_context *ctx, struct uci_package *p, char *section, char
 
        UCI_HANDLE_ERR(ctx);
        UCI_ASSERT(ctx, p != NULL);
-       UCI_ASSERT(ctx, section != NULL);
-       UCI_ASSERT(ctx, value != NULL);
+       UCI_ASSERT(ctx, uci_validate_name(section));
+       if (option) {
+               UCI_ASSERT(ctx, uci_validate_name(option));
+               UCI_ASSERT(ctx, value != NULL);
+       } else {
+               UCI_ASSERT(ctx, uci_validate_name(value));
+       }
 
        /*
         * look up the package, section and option (if set)