start to enforce plain ascii or valid utf8

No device node or symlink can have other characters as plain readable ascii or valid utf8. The /dev/disk/by-label/* symlinks can no longer contain weird stuff read from untrusted sources. Signed-off-by: Kay Sievers <kay.sievers@suse.de>
author: Kay Sievers <kay.sievers@suse.de> 2005-08-28 15:55:58 +0200
committer: Kay Sievers <kay.sievers@suse.de> 2005-08-28 15:55:58 +0200
commit: 764ce7f2ab526c084f005186e0dcbabe59070247 (patch)
tree: 411a1246ee2a77271d2dab8a6480e5e7388694ac /udev_utils_string.c
parent: 5b13ecb830cdec338b514b9ed8c2c559c2f05223 (diff)
1 files changed, 28 insertions, 5 deletions
diff --git a/udev_utils_string.c b/udev_utils_string.c
index a30181e760..bb5677d46e 100644
--- a/udev_utils_string.c
+++ b/udev_utils_string.c
@@ -232,12 +232,35 @@ int utf8_encoded_valid_unichar(const char *str)
 	return len;
 }
 
-void replace_untrusted_chars(char *string)
+/* replace everything but whitelisted plain ascii and valid utf8 */
+int replace_untrusted_chars(char *str)
 {
-	size_t len;
+	size_t i = 0;
+	int replaced = 0;
+
+	while (str[i] != '\0') {
+		int len;
+
+		/* valid printable ascii char */
+		if ((str[i] >= '0' && str[i] <= '9') ||
+		    (str[i] >= 'A' && str[i] <= 'Z') ||
+		    (str[i] >= 'a' && str[i] <= 'z') ||
+		    strchr(" #$%+-./:=?@_", str[i])) {
+			i++;
+			continue;
+		}
+		/* valid utf8 is accepted */
+		len = utf8_encoded_valid_unichar(&str[i]);
+		if (len > 1) {
+			i += len;
+			continue;
+		}
 
-	for (len = 0; string[len] != '\0'; len++) {
-		if (strchr(";,~\\()\'", string[len]))
-			string[len] = '_';
+		/* everything else is garbage */
+		str[i] = '_';
+		i++;
+		replaced++;
 	}
+
+	return replaced;
 }
author	Kay Sievers <kay.sievers@suse.de>	2005-08-28 15:55:58 +0200
committer	Kay Sievers <kay.sievers@suse.de>	2005-08-28 15:55:58 +0200
commit	764ce7f2ab526c084f005186e0dcbabe59070247 (patch)
tree	411a1246ee2a77271d2dab8a6480e5e7388694ac /udev_utils_string.c
parent	5b13ecb830cdec338b514b9ed8c2c559c2f05223 (diff)