dbus: add some more safety checks before accepting data from bus clients

author: Lennart Poettering <lennart@poettering.net> 2012-10-03 13:29:20 -0400
committer: Lennart Poettering <lennart@poettering.net> 2012-10-03 13:29:20 -0400
commit: 0b507b17a760b21e33fc52ff377db6aa5086c680 (patch)
tree: 472861f8e6dd3b70752b26feded8e0246e1103d9 /src/shared/util.c
parent: 07c289875fd46331a430c43e8991d3c7407cb703 (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/src/shared/util.c b/src/shared/util.c
index d2ca3fc783..64d6e62a53 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -56,6 +56,7 @@
 #include <sys/mman.h>
 #include <sys/vfs.h>
 #include <linux/magic.h>
+#include <limits.h>
 
 #include "macro.h"
 #include "util.h"
@@ -5851,3 +5852,39 @@ void closedirp(DIR **d) {
 void umaskp(mode_t *u) {
         umask(*u);
 }
+
+bool filename_is_safe(const char *p) {
+
+        if (isempty(p))
+                return false;
+
+        if (strchr(p, '/'))
+                return false;
+
+        if (streq(p, "."))
+                return false;
+
+        if (streq(p, ".."))
+                return false;
+
+        if (strlen(p) > FILENAME_MAX)
+                return false;
+
+        return true;
+}
+
+bool string_is_safe(const char *p) {
+        const char *t;
+
+        assert(p);
+
+        for (t = p; *t; t++) {
+                if (*p < ' ')
+                        return false;
+
+                if (strchr("\\\"\'", *p))
+                        return false;
+        }
+
+        return true;
+}
author	Lennart Poettering <lennart@poettering.net>	2012-10-03 13:29:20 -0400
committer	Lennart Poettering <lennart@poettering.net>	2012-10-03 13:29:20 -0400
commit	0b507b17a760b21e33fc52ff377db6aa5086c680 (patch)
tree	472861f8e6dd3b70752b26feded8e0246e1103d9 /src/shared/util.c
parent	07c289875fd46331a430c43e8991d3c7407cb703 (diff)