diff options
author | Thomas Haller <thaller@redhat.com> | 2015-02-25 21:52:00 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2015-03-12 18:12:26 +0100 |
commit | 7b6759b76427868723f480fc3516d964df237542 (patch) | |
tree | ad144d09225378310dd5c7a16974858812ed0533 | |
parent | 15926e9eb359d84a4bc039e4a5e3c20604a3d4f7 (diff) | |
download | NetworkManager-7b6759b76427868723f480fc3516d964df237542.tar.gz |
keyfile: make reader more strict in handle_as_path()
When interpreting a blob as filename, ensure that it contains
no NUL character (except the last char).
-rw-r--r-- | src/settings/plugins/keyfile/reader.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/settings/plugins/keyfile/reader.c b/src/settings/plugins/keyfile/reader.c index 1a1d9663d3..d1ea6e2c27 100644 --- a/src/settings/plugins/keyfile/reader.c +++ b/src/settings/plugins/keyfile/reader.c @@ -777,14 +777,17 @@ handle_as_path (GBytes *bytes, if (data_len > 500 || data_len < 1) return FALSE; - /* If there's a trailing NULL tell g_utf8_validate() to to until the NULL */ - if (data[data_len - 1] == '\0') - validate_len = -1; - else + /* If there's a trailing zero tell g_utf8_validate() to validate until the zero */ + if (data[data_len - 1] == '\0') { + /* setting it to -1, would mean we accept data to contain NUL characters before the + * end. Don't accept any NUL in [0 .. data_len-1[ . */ + validate_len = data_len - 1; + } else validate_len = data_len; - if (g_utf8_validate ((const char *) data, validate_len, NULL) == FALSE) - return FALSE; + if ( validate_len == 0 + || g_utf8_validate ((const char *) data, validate_len, NULL) == FALSE) + return FALSE; /* Might be a bare path without the file:// prefix; in that case * if it's an absolute path, use that, otherwise treat it as a |