some more input validationv0.4.5

author: Felix Fietkau <nbd@openwrt.org> 2008-07-30 21:37:24 +0200
committer: Felix Fietkau <nbd@openwrt.org> 2008-07-30 21:53:30 +0200
commit: 8a06b55c63b13123ffcec33aff7f1fd752786dd1 (patch)
tree: 825c5fac038e7a4529357ff53c294086c2998128
parent: a4c7003b70fd3dc68cde5250ed74ee457bcecfe1 (diff)
download: uci-0.4.5.tar.gz
2 files changed, 17 insertions, 0 deletions
diff --git a/file.c b/file.c
index c513c87..19c6b07 100644
--- a/file.c
+++ b/file.c
@@ -481,6 +481,9 @@ static char **uci_list_config_files(struct uci_context *ctx)
 		if (!p)
 			continue;
 
+		if (!uci_validate_name(p))
+			continue;
+
 		configs[i] = buf;
 		strcpy(buf, p);
 		buf += strlen(buf) + 1;
diff --git a/util.c b/util.c
index 8542359..3358cdf 100644
--- a/util.c
+++ b/util.c
@@ -101,6 +101,16 @@ static inline bool uci_validate_name(const char *str)
 	return uci_validate_str(str, true);
 }
 
+static inline bool uci_validate_text(const char *str)
+{
+	while (*str) {
+		if ((*str == '\r') || (*str == '\n') ||
+			((*str < 32) && (*str != '\t')))
+			return false;
+	}
+	return true;
+}
+
 static void uci_alloc_parse_context(struct uci_context *ctx)
 {
 	ctx->pctx = (struct uci_parse_context *) uci_malloc(ctx, sizeof(struct uci_parse_context));
@@ -124,6 +134,8 @@ int uci_parse_tuple(struct uci_context *ctx, char *str, char **package, char **s
 		goto error;
 
 	*section = strsep(&str, ".");
+	*option = NULL;
+	*value = NULL;
 	if (!*section)
 		goto lastval;
 
@@ -145,6 +157,8 @@ lastval:
 		goto error;
 	if (*option && !uci_validate_name(*option))
 		goto error;
+	if (*value && !uci_validate_text(*value))
+		goto error;
 
 	goto done;
author	Felix Fietkau <nbd@openwrt.org>	2008-07-30 21:37:24 +0200
committer	Felix Fietkau <nbd@openwrt.org>	2008-07-30 21:53:30 +0200
commit	8a06b55c63b13123ffcec33aff7f1fd752786dd1 (patch)
tree	825c5fac038e7a4529357ff53c294086c2998128
parent	a4c7003b70fd3dc68cde5250ed74ee457bcecfe1 (diff)
download	uci-0.4.5.tar.gz