From 5c1e761a2f84439b6e53ff1682ee665a7db2bca1 Mon Sep 17 00:00:00 2001
From: José Bollo
Date: Wed, 18 May 2016 11:11:19 +0200
Subject: adds detection of wrong names for apis
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I5466879bc2d9a60992605bf2514f78d3121f8114
Signed-off-by: José Bollo
---
 src/afb-api-dbus.c | 4 ++++
 src/afb-api-so.c | 4 ++++
 src/afb-apis.c | 41 +++++++++++++++++++++++++++++++++++------
 src/afb-apis.h | 1 +
 4 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/src/afb-api-dbus.c b/src/afb-api-dbus.c
index 52d449f0..edbb1edd 100644
--- a/src/afb-api-dbus.c
+++ b/src/afb-api-dbus.c
@@ -91,6 +91,10 @@ static struct api_dbus *make_api_dbus_3(int system, const char *path, size_t pat
 goto error2;
 }
 api->api++;
+ if (!afb_apis_is_valid_api_name(api->api)) {
+ errno = EINVAL;
+ goto error2;
+ }
 /* the name/interface is copied after the path */
 api->name = &api->path[pathlen + 1];
diff --git a/src/afb-api-so.c b/src/afb-api-so.c
index 9b7e994f..bcd8dbe0 100644
--- a/src/afb-api-so.c
+++ b/src/afb-api-so.c
@@ -187,6 +187,10 @@ int afb_api_so_add_plugin(const char *path)
 ERROR("plugin [%s] bad prefix...", path);
 goto error3;
 }
+ if (!afb_apis_is_valid_api_name(desc->plugin->v1.prefix)) {
+ ERROR("plugin [%s] invalid prefix...", path);
+ goto error3;
+ }
 if (desc->plugin->v1.info == NULL || *desc->plugin->v1.info == 0) {
 ERROR("plugin [%s] bad description...", path);
 goto error3;
diff --git a/src/afb-apis.c b/src/afb-apis.c
index 5ebc96ff..e8e7ced3 100644
--- a/src/afb-apis.c
+++ b/src/afb-apis.c
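Review bot: In make_api_dbus_3 the new rejection only sets `errno = EINVAL` and jumps to `error2`, whereas the same check in afb_api_so_add_plugin and afb_apis_add logs why the name was refused. Unless the `error2` path, which lies outside this hunk, already reports the failure, an operator sees a D-Bus API that fails to register with no hint that its name was the cause. A one-line comment above the check, `/* refuse api names that afb_apis_add would reject */`, would also make the intent clear to the next reader.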
@@ -42,16 +42,45 @@ int afb_apis_count()
 return apis_count;
 }
+int afb_apis_is_valid_api_name(const char *name)
+{
+ unsigned char c;
+
+ c = (unsigned char)*name;
+ if (c == 0)
+ return 0;
+ do {
+ if (c < (unsigned char)'\x80') {
+ switch(c) {
+ default:
+ if (c > ' ')
+ break;
+ case '"':
+ case '#':
+ case '%':
+ case '&':
+ case '\'':
+ case '/':
+ case '?':
+ case '`':
+ case '\\':
+ case '\x7f':
+ return 0;
+ }
+ }
+ c = (unsigned char)*++name;
+ } while(c != 0);
+ return 1;
+}
+
 int afb_apis_add(const char *name, struct afb_api api)
 {
 struct api_desc *apis;
- size_t len;
 int i;
- /* check existing or not */
- len = strlen(name);
- if (len == 0) {
- ERROR("empty api name forbidden");
+ /* Checks the api name */
+ if (!afb_apis_is_valid_api_name(name)) {
+ ERROR("invalid api name forbidden (name is '%s')", name);
 goto error;
 }
@@ -74,7 +103,7 @@ int afb_apis_add(const char *name, struct afb_api api)
 /* record the plugin */
 apis = &apis_array[apis_count];
 apis->api = api;
- apis->namelen = len;
+ apis->namelen = strlen(name);
 apis->name = name;
 apis_count++;
diff --git a/src/afb-apis.h b/src/afb-apis.h
index 76969782..e269b4c4 100644
--- a/src/afb-apis.h
+++ b/src/afb-apis.h
@@ -28,6 +28,7 @@ struct afb_api
 extern int afb_apis_count();
+extern int afb_apis_is_valid_api_name(const char *name);
 extern int afb_apis_add(const char *name, struct afb_api api);
 extern void afb_apis_call(struct afb_req req, struct afb_context *context, const char *api, size_t lenapi, const char *verb, size_t lenverb);
 extern void afb_apis_call_(struct afb_req req, struct afb_context *context, const char *api, const char *verb);
-- cgit 1.2.3-korg
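Review bot: The new ERROR in afb_apis_add prints the refused name with `%s`, but a name is refused precisely when it may contain bytes at or below ' ' or '\x7f', so a newline or terminal escape in a name would be written to the log unmodified. Drop the name from the message, `ERROR("invalid api name forbidden");`, or log it escaped. In afb_apis_is_valid_api_name the `default:` arm runs into the `case '"':` list on purpose; a `/* fallthrough: space and control characters are refused */` after its `break;` would protect that from a later edit. Bytes of 0x80 and above skip the switch entirely, so malformed or overlong UTF-8 is accepted; that is worth a comment, or a check if names are ever decoded downstream. The body of afb_apis_add continues outside this hunk.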
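Review bot: The exported prototype `afb_apis_is_valid_api_name` in afb-apis.h states nothing about its contract, although afb-api-dbus.c and afb-api-so.c now depend on it. I would add above it `/* returns 1 when name is a valid api name, 0 otherwise; name must not be NULL */` and list the refused characters there, since the implementation dereferences `name` without a NULL test. The struct afb_api declaration named in the hunk header lies outside the hunk.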