aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/afb-api-dbus.c4
-rw-r--r--src/afb-api-so.c4
-rw-r--r--src/afb-apis.c41
-rw-r--r--src/afb-apis.h1
4 files changed, 44 insertions, 6 deletions
diff --git a/src/afb-api-dbus.c b/src/afb-api-dbus.c
index 52d449f0..edbb1edd 100644
--- a/src/afb-api-dbus.c
+++ b/src/afb-api-dbus.c
@@ -91,6 +91,10 @@ static struct api_dbus *make_api_dbus_3(int system, const char *path, size_t pat
goto error2;
}
api->api++;
+ if (!afb_apis_is_valid_api_name(api->api)) {
+ errno = EINVAL;
+ goto error2;
+ }
/* the name/interface is copied after the path */
api->name = &api->path[pathlen + 1];
diff --git a/src/afb-api-so.c b/src/afb-api-so.c
index 9b7e994f..bcd8dbe0 100644
--- a/src/afb-api-so.c
+++ b/src/afb-api-so.c
@@ -187,6 +187,10 @@ int afb_api_so_add_plugin(const char *path)
ERROR("plugin [%s] bad prefix...", path);
goto error3;
}
+ if (!afb_apis_is_valid_api_name(desc->plugin->v1.prefix)) {
+ ERROR("plugin [%s] invalid prefix...", path);
+ goto error3;
+ }
if (desc->plugin->v1.info == NULL || *desc->plugin->v1.info == 0) {
ERROR("plugin [%s] bad description...", path);
goto error3;
diff --git a/src/afb-apis.c b/src/afb-apis.c
index 5ebc96ff..e8e7ced3 100644
--- a/src/afb-apis.c
+++ b/src/afb-apis.c
@@ -42,16 +42,45 @@ int afb_apis_count()
return apis_count;
}
+int afb_apis_is_valid_api_name(const char *name)
+{
+ unsigned char c;
+
+ c = (unsigned char)*name;
+ if (c == 0)
+ return 0;
+ do {
+ if (c < (unsigned char)'\x80') {
+ switch(c) {
+ default:
+ if (c > ' ')
+ break;
+ case '"':
+ case '#':
+ case '%':
+ case '&':
+ case '\'':
+ case '/':
+ case '?':
+ case '`':
+ case '\\':
+ case '\x7f':
+ return 0;
+ }
+ }
+ c = (unsigned char)*++name;
+ } while(c != 0);
+ return 1;
+}
+
int afb_apis_add(const char *name, struct afb_api api)
{
struct api_desc *apis;
- size_t len;
int i;
- /* check existing or not */
- len = strlen(name);
- if (len == 0) {
- ERROR("empty api name forbidden");
+ /* Checks the api name */
+ if (!afb_apis_is_valid_api_name(name)) {
+ ERROR("invalid api name forbidden (name is '%s')", name);
goto error;
}
@@ -74,7 +103,7 @@ int afb_apis_add(const char *name, struct afb_api api)
/* record the plugin */
apis = &apis_array[apis_count];
apis->api = api;
- apis->namelen = len;
+ apis->namelen = strlen(name);
apis->name = name;
apis_count++;
diff --git a/src/afb-apis.h b/src/afb-apis.h
index 76969782..e269b4c4 100644
--- a/src/afb-apis.h
+++ b/src/afb-apis.h
@@ -28,6 +28,7 @@ struct afb_api
extern int afb_apis_count();
+extern int afb_apis_is_valid_api_name(const char *name);
extern int afb_apis_add(const char *name, struct afb_api api);
extern void afb_apis_call(struct afb_req req, struct afb_context *context, const char *api, size_t lenapi, const char *verb, size_t lenverb);
extern void afb_apis_call_(struct afb_req req, struct afb_context *context, const char *api, const char *verb);