From 6396f42d74f22ab5f8e736dc5cb04c57917f9319 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 1 Aug 2012 16:51:59 +0200 Subject: [PATCH] Stricter checks for netname and node names. - Node names should not be empty. - Net names should not contain slashes or start with a dot, because they are used in pathnames. --- src/protocol.c | 3 +++ src/tincctl.c | 10 +++++++++- src/tincd.c | 7 ++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 1c5b6cfd..1153d61f 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -56,6 +56,9 @@ static char (*request_name[]) = { static splay_tree_t *past_request_tree; bool check_id(const char *id) { + if(!id || !*id) + return false; + for(; *id; id++) if(!isalnum(*id) && *id != '_') return false; diff --git a/src/tincctl.c b/src/tincctl.c index 7eb141d2..39bd326d 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -194,11 +194,16 @@ static bool parse_options(int argc, char **argv) { /* netname "." is special: a "top-level name" */ - if(netname && !strcmp(netname, ".")) { + if(netname && (!*netname || !strcmp(netname, "."))) { free(netname); netname = NULL; } + if(netname && (strpbrk(netname, "\\/") || *netname == '.')) { + fprintf(stderr, "Invalid character in netname!\n"); + return false; + } + return true; } @@ -1344,6 +1349,9 @@ static int cmd_config(int argc, char *argv[]) { } bool check_id(const char *name) { + if(!name || !*name) + return false; + for(int i = 0; i < strlen(name); i++) { if(!isalnum(name[i]) && name[i] != '_') return false; diff --git a/src/tincd.c b/src/tincd.c index 98123feb..0fd2f8d7 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -231,11 +231,16 @@ static bool parse_options(int argc, char **argv) { /* netname "." is special: a "top-level name" */ - if(netname && !strcmp(netname, ".")) { + if(netname && (!*netname || !strcmp(netname, "."))) { free(netname); netname = NULL; } + if(netname && (strpbrk(netname, "\\/") || *netname == '.')) { + fprintf(stderr, "Invalid character in netname!\n"); + return false; + } + return true; } -- 2.39.5