From 9161f8a0233e8e040a2dc4e89feba0897b56d8d0 Mon Sep 17 00:00:00 2001
From: Matt Ranostay
Date: Thu, 1 Nov 2018 20:10:14 -0700
Subject: binding: bluetooth: add input validation on device input

Validate device input to filter out special characters being sent that may cause the dbus call to hang or segfault.

Bug-AGL: SPEC-1630
Change-Id: I31aa458154c030181b905b7ccc9d6a8aa0f84ef0
Signed-off-by: Matt Ranostay
---
 binding/bluetooth-util.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/binding/bluetooth-util.c b/binding/bluetooth-util.c
index 21aae6c..4740cda 100644
--- a/binding/bluetooth-util.c
+++ b/binding/bluetooth-util.c
@@ -1039,7 +1039,7 @@ void json_process_path(json_object *jresp, const char *path) {
 gchar *return_bluez_path(afb_req_t request) {
 const char *adapter = afb_req_value(request, "adapter");
- const char *device;
+ const char *device, *tmp;
 adapter = adapter ? adapter : BLUEZ_DEFAULT_ADAPTER;
@@ -1049,6 +1049,16 @@ gchar *return_bluez_path(afb_req_t request) {
 return NULL;
 }
+ tmp = device;
+
+ /* Stop the dbus call from segfaulting from special characters */
+ for (; *tmp; tmp++) {
+ if (!g_ascii_isalnum(*tmp) && *tmp != '_') {
+ afb_req_fail(request, "failed", "Invalid device parameter");
+ return NULL;
+ }
+ }
+
 return g_strconcat("/org/bluez/", adapter, "/", device, NULL);
 }
--
cgit 1.2.3-korg
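Review bot: The new character filter in the second hunk covers only `device`, while `adapter` is also taken from the request with `afb_req_value()` and joined into the same object path by `g_strconcat()` without any check, so the hang or segfault named in the commit message presumably stays reachable through that parameter. An empty `device` string also passes, because the `for` loop body never runs, and the result is a path ending in `/`, which is not a valid D-Bus object path. Moving the check into a small helper that rejects empty strings and calling it for both values would close both gaps; the helper name and the adapter error text below are only a suggestion. return_bluez_path begins in the first hunk, and the `device` lookup sits between the two hunks, outside the lines shown.

```c
/* A D-Bus object path element is one or more characters from [A-Za-z0-9_]. */
static gboolean is_valid_path_element(const char *s) {
	if (!*s)
		return FALSE;

	for (; *s; s++) {
		if (!g_ascii_isalnum(*s) && *s != '_')
			return FALSE;
	}

	return TRUE;
}

gchar *return_bluez_path(afb_req_t request) {
	/* … unchanged: adapter default, device lookup and NULL check … */

	if (!is_valid_path_element(adapter)) {
		afb_req_fail(request, "failed", "Invalid adapter parameter");
		return NULL;
	}

	if (!is_valid_path_element(device)) {
		afb_req_fail(request, "failed", "Invalid device parameter");
		return NULL;
	}

	return g_strconcat("/org/bluez/", adapter, "/", device, NULL);
}
```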