[PATCH] remove untrusted chars read from sysfs-values or returned by PROGRAM

Better remove characters that are useless in a device node name.
It may be a security risk to pass any character read from e.g. a
sysfs attribute to a shell script we execute later.
  
Prevent the modification of the libsysfs attribute value
cache.

Clear PROGRAM result if the execution encountered an error.

1 files changed, 15 insertions, 3 deletions

diff --git a/udev_utils.c b/udev_utils.c
index 2b5683fda6..37607492ac 100644
--- a/udev_utils.c
+++ b/udev_utils.c
@@ -50,7 +50,7 @@ int udev_init_device(struct udevice *udev, const char* devpath, const char *subs
 
 	if (devpath) {
 		strlcpy(udev->devpath, devpath, sizeof(udev->devpath));
-		no_trailing_slash(udev->devpath);
+		remove_trailing_char(udev->devpath, '/');
 
 		if (strncmp(udev->devpath, "/block/", 7) == 0)
 			udev->type = DEV_BLOCK;
@@ -228,12 +228,24 @@ size_t buf_get_line(const char *buf, size_t buflen, size_t cur)
 	return count - cur;
 }
 
-void no_trailing_slash(char *path)
+void replace_untrusted_chars(char *string)
+{
+	size_t len;
+
+	for (len = 0; string[len] != '\0'; len++) {
+		if (strchr(";,~\\()\'", string[len])) {
+			info("replace '%c' in '%s'", string[len], string);
+			string[len] = '_';
+		}
+	}
+}
+
+void remove_trailing_char(char *path, char c)
 {
 	size_t len;
 
 	len = strlen(path);
-	while (len > 0 && path[len-1] == '/')
+	while (len > 0 && path[len-1] == c)
 		path[--len] = '\0';
 }