From 41aae0e49764c4ed98b3d0bd3f7c5eab3f26e473 Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Tue, 29 Jan 2008 19:00:21 +0100
Subject: [PATCH] more input validation
---
 file.c | 16 +++++++++-------
 util.c | 8 ++++----
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/file.c b/file.c
index a78c5a7..e6722b2 100644
--- a/file.c
+++ b/file.c
@@ -238,7 +238,7 @@ done:
 /*
 * extract the next argument from the command line
 */
-static char *next_arg(struct uci_context *ctx, char **str, bool required)
+static char *next_arg(struct uci_context *ctx, char **str, bool required, bool name)
 {
 char *val;
 char *ptr;
@@ -248,6 +248,8 @@ static char *next_arg(struct uci_context *ctx, char **str, bool required)
 parse_str(ctx, str, &ptr);
 if (required && !*val)
 uci_parse_error(ctx, *str, "insufficient arguments");
+ if (name && !uci_validate_name(val))
+ uci_parse_error(ctx, val, "invalid character in field");
 return val;
 }
@@ -260,7 +262,7 @@ static void assert_eol(struct uci_context *ctx, char **str)
 {
 char *tmp;
- tmp = next_arg(ctx, str, false);
+ tmp = next_arg(ctx, str, false, false);
 if (tmp && *tmp)
 uci_parse_error(ctx, *str, "too many arguments");
 }
@@ -309,7 +311,7 @@ static void uci_parse_package(struct uci_context *ctx, char **str, bool single)
 /* command string null-terminated by strtok */
 *str += strlen(*str) + 1;
- name = next_arg(ctx, str, true);
+ name = next_arg(ctx, str, true, true);
 assert_eol(ctx, str);
 if (single)
 return;
@@ -336,8 +338,8 @@ static void uci_parse_config(struct uci_context *ctx, char **str)
 /* command string null-terminated by strtok */
 *str += strlen(*str) + 1;
- type = next_arg(ctx, str, true);
- name = next_arg(ctx, str, false);
+ type = next_arg(ctx, str, true, true);
+ name = next_arg(ctx, str, false, true);
 assert_eol(ctx, str);
 ctx->pctx->section = uci_alloc_section(ctx->pctx->package, type, name);
 }
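Review bot: The comment above next_arg still reads only "extract the next argument from the command line", so nothing documents what the new `name` flag enforces. With two adjacent bool parameters, a call such as `next_arg(ctx, str, false, true)` is easy to transpose, and a swapped pair can turn validation off without any diagnostic. I would extend the comment to `/* extract the next argument from the command line; required: fail if it is missing; name: fail unless it passes uci_validate_name() */`. The body of next_arg continues outside this hunk.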
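Review bot: An optional argument that is left out appears to be rejected by the new check in next_arg, because `uci_validate_name` returns false for an empty string (`if (!*str) return false;` in the util.c hunk) and the check runs even when `required` is false. The call `name = next_arg(ctx, str, false, true);` in uci_parse_config is the one affected: a `config` line with a type and no name would presumably fail with "invalid character in field". Guarding on a non-empty value keeps the optional case working, `if (name && *val && !uci_validate_name(val))`. The start of next_arg is outside the hunk, so this assumes `val` points at an empty string when no argument is present, as the existing `!*val` test suggests.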
@@ -356,8 +358,8 @@ static void uci_parse_option(struct uci_context *ctx, char **str)
 /* command string null-terminated by strtok */
 *str += strlen(*str) + 1;
- name = next_arg(ctx, str, true);
- value = next_arg(ctx, str, true);
+ name = next_arg(ctx, str, true, true);
+ value = next_arg(ctx, str, true, false);
 assert_eol(ctx, str);
 uci_alloc_option(ctx->pctx->section, name, value);
 }
diff --git a/util.c b/util.c
index 85e87ab..ddb1331 100644
--- a/util.c
+++ b/util.c
@@ -51,7 +51,7 @@ static char *uci_strdup(struct uci_context *ctx, const char *str)
 return ptr;
 }
-static bool validate_name(char *str)
+static bool uci_validate_name(char *str)
 {
 if (!*str)
 return false;
@@ -72,7 +72,7 @@ int uci_parse_tuple(struct uci_context *ctx, char *str, char **package, char **s
 UCI_ASSERT(ctx, str && package && section && option);
 *package = strtok(str, ".");
- if (!*package || !validate_name(*package))
+ if (!*package || !uci_validate_name(*package))
 goto error;
 last = *package;
@@ -99,9 +99,9 @@ lastval:
 goto error;
 }
- if (*section && !validate_name(*section))
+ if (*section && !uci_validate_name(*section))
 goto error;
- if (*option && !validate_name(*option))
+ if (*option && !uci_validate_name(*option))
 goto error;
 goto done;
-- 
2.25.1