dbus: add some more safety checks before accepting data from bus clients

author: Lennart Poettering <lennart@poettering.net> 2012-10-03 13:29:20 -0400
committer: Lennart Poettering <lennart@poettering.net> 2012-10-03 13:29:20 -0400
commit: 0b507b17a760b21e33fc52ff377db6aa5086c680 (patch)
tree: 472861f8e6dd3b70752b26feded8e0246e1103d9 /src/hostname/hostnamed.c
parent: 07c289875fd46331a430c43e8991d3c7407cb703 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 8f9d5a04f5..cd3ef491ac 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -451,6 +451,14 @@ static DBusHandlerResult hostname_message_handler(
                         } else {
                                 char *h;
 
+                                /* The icon name might ultimately be
+                                 * used as file name, so better be
+                                 * safe than sorry */
+                                if (k == PROP_ICON_NAME && !filename_is_safe(name))
+                                        return bus_send_error_reply(connection, message, NULL, -EINVAL);
+                                if (k == PROP_PRETTY_HOSTNAME && !string_is_safe(name))
+                                        return bus_send_error_reply(connection, message, NULL, -EINVAL);
+
                                 h = strdup(name);
                                 if (!h)
                                         goto oom;
author	Lennart Poettering <lennart@poettering.net>	2012-10-03 13:29:20 -0400
committer	Lennart Poettering <lennart@poettering.net>	2012-10-03 13:29:20 -0400
commit	0b507b17a760b21e33fc52ff377db6aa5086c680 (patch)
tree	472861f8e6dd3b70752b26feded8e0246e1103d9 /src/hostname/hostnamed.c
parent	07c289875fd46331a430c43e8991d3c7407cb703 (diff)