// Fill in the details.
fprintf(f, "Name = %s\n", argv[1]);
- if(netname)
+ if(check_netname(netname, true))
fprintf(f, "NetName = %s\n", netname);
fprintf(f, "ConnectTo = %s\n", myname);
}
if(!check_id(name)) {
- fprintf(stderr, "Invalid Name found in invitation: %s!\n", name);
+ fprintf(stderr, "Invalid Name found in invitation!\n");
return false;
}
- if(!netname)
+ if(!netname) {
netname = grep(data, "NetName");
+ if(netname && !check_netname(netname, true)) {
+ fprintf(stderr, "Unsafe NetName found in invitation!\n");
+ return false;
+ }
+ }
bool ask_netname = false;
char temp_netname[32];
netname = NULL;
}
- if(netname && (strpbrk(netname, "\\/") || *netname == '.')) {
+ if(netname && !check_netname(netname, false)) {
fprintf(stderr, "Invalid character in netname!\n");
return false;
}
+ if(netname && !check_netname(netname, true))
+ fprintf(stderr, "Warning: unsafe character in netname!\n");
+
return true;
}
return true;
}
+bool check_netname(const char *netname, bool strict) {
+ if(!netname || !*netname || *netname == '.')
+ return false;
+
+ for(const char *c = netname; *c; c++) {
+ if(iscntrl(*c))
+ return false;
+ if(*c == '/' || *c == '\\')
+ return false;
+ if(strict && strchr(" $%<>:`\"|?*", *c))
+ return false;
+ }
+
+ return true;
+}
+
/* Windows doesn't define HOST_NAME_MAX. */
#ifndef HOST_NAME_MAX
#define HOST_NAME_MAX 255
extern unsigned int bitfield_to_int(const void *bitfield, size_t size);
extern bool check_id(const char *);
+extern bool check_netname(const char *, bool strict);
char *replace_name(const char *name);
#endif /* __TINC_UTILS_H__ */
projects / oweals / tinc.git / commitdiff