diff options
author | Matt Ranostay <matt.ranostay@konsulko.com> | 2018-11-01 20:10:14 -0700 |
---|---|---|
committer | Matt Ranostay <matt.ranostay@konsulko.com> | 2018-11-23 08:49:14 -0800 |
commit | 9161f8a0233e8e040a2dc4e89feba0897b56d8d0 (patch) | |
tree | 13f055e87a047f152c644e03c585818b94c00426 | |
parent | 9de34ff2662d518569aa16e7035b393b26437a48 (diff) |
binding: bluetooth: add input validation on device input
Validate device input to filter out special characters being sent that
may cause the dbus call to hang or segfault.
Bug-AGL: SPEC-1630
Change-Id: I31aa458154c030181b905b7ccc9d6a8aa0f84ef0
Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
-rw-r--r-- | binding/bluetooth-util.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/binding/bluetooth-util.c b/binding/bluetooth-util.c index 21aae6c..4740cda 100644 --- a/binding/bluetooth-util.c +++ b/binding/bluetooth-util.c @@ -1039,7 +1039,7 @@ void json_process_path(json_object *jresp, const char *path) { gchar *return_bluez_path(afb_req_t request) { const char *adapter = afb_req_value(request, "adapter"); - const char *device; + const char *device, *tmp; adapter = adapter ? adapter : BLUEZ_DEFAULT_ADAPTER; @@ -1049,6 +1049,16 @@ gchar *return_bluez_path(afb_req_t request) { return NULL; } + tmp = device; + + /* Stop the dbus call from segfaulting from special characters */ + for (; *tmp; tmp++) { + if (!g_ascii_isalnum(*tmp) && *tmp != '_') { + afb_req_fail(request, "failed", "Invalid device parameter"); + return NULL; + } + } + return g_strconcat("/org/bluez/", adapter, "/", device, NULL); } |