
some more input validation

Felix Fietkau 15 years ago
parent
commit
8a06b55c63
2 changed files with 17 additions and 0 deletions
  1. 3 0
      file.c
  2. 14 0
      util.c

+ 3 - 0
file.c

@@ -481,6 +481,9 @@ static char **uci_list_config_files(struct uci_context *ctx)
 		if (!p)
 			continue;
 
+		if (!uci_validate_name(p))
+			continue;
+
 		configs[i] = buf;
 		strcpy(buf, p);
 		buf += strlen(buf) + 1;
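Review bot: Skipping a rejected filename with `continue` leaves `configs[i]` unassigned, because the slot index appears to be the same `i` that walks the directory results (the loop header is outside the hunk, so this is inferred). If callers walk `configs` up to the first NULL, one invalid filename in the config directory would hide every config file listed after it, and if the array is not zero-filled they would read an uninitialised pointer instead. A separate output index keeps the list dense, e.g. `configs[n++] = buf;` with `n` counting accepted entries only. The existing `if (!p) continue;` has the same effect, but the new name check makes a skipped entry far more likely.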

+ 14 - 0
util.c

@@ -101,6 +101,16 @@ static inline bool uci_validate_name(const char *str)
 	return uci_validate_str(str, true);
 }
 
+static inline bool uci_validate_text(const char *str)
+{
+	while (*str) {
+		if ((*str == '\r') || (*str == '\n') ||
+			((*str < 32) && (*str != '\t')))
+			return false;
+	}
+	return true;
+}
+
 static void uci_alloc_parse_context(struct uci_context *ctx)
 {
 	ctx->pctx = (struct uci_parse_context *) uci_malloc(ctx, sizeof(struct uci_parse_context));
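Review bot: `uci_validate_text` never advances `str`, so the `while (*str)` loop spins forever on any non-empty string whose first byte passes the check; with the new call in `uci_parse_tuple` (last hunk of this file) any tuple that carries a value would hang the caller. Add `str++;` as the last statement of the loop body. The `*str < 32` test also depends on the signedness of plain `char`: where it is signed, every byte at or above 0x80 is negative and is rejected, so UTF-8 values fail validation; use `(unsigned char)*str < 32` if only control characters are meant to be refused. The explicit `'\r'` and `'\n'` comparisons are already covered by the `< 32` branch, and a short comment such as `/* reject control characters except tab */` would document the intended rule.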
@@ -124,6 +134,8 @@ int uci_parse_tuple(struct uci_context *ctx, char *str, char **package, char **s
 		goto error;
 
 	*section = strsep(&str, ".");
+	*option = NULL;
+	*value = NULL;
 	if (!*section)
 		goto lastval;
 
@@ -145,6 +157,8 @@ lastval:
 		goto error;
 	if (*option && !uci_validate_name(*option))
 		goto error;
+	if (*value && !uci_validate_text(*value))
+		goto error;
 
 	goto done;