---
src/daemon/abrt-server.c | 49 ++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/src/daemon/abrt-server.c b/src/daemon/abrt-server.c
index c883452..41983c8 100644
--- a/src/daemon/abrt-server.c
+++ b/src/daemon/abrt-server.c
@@ -217,14 +217,44 @@ static int delete_path(const char *dump_dir_name)
}
/* Checks if a string contains only printable characters. */
-static bool printable_str(const char *str)
+static gboolean printable_str(const char *str)
{
do {
if ((unsigned char)(*str) < ' ' || *str == 0x7f)
- return false;
+ return FALSE;
str++;
} while (*str);
- return true;
+ return TRUE;
+}
+
+static gboolean is_correct_filename (const char *value)
+{
+ return printable_str(value) && !strchr(value, '/') && !strchr(value, '.');
+}
+
+static gboolean key_value_ok(gchar *key, gchar *value)
+{
+ gboolean maybe = TRUE;
+ char *i;
+
+ /* check key, it has to be valid filename and will end up in the
+ * bugzilla */
+ for (i = key; *i != 0 && maybe; i++)
+ {
+ maybe = isalpha(*i) || (*i == '-') || (*i == '_') || (*i == ' ');
+ }
+
+ /* check value of 'basename', it has to be valid non-hidden directory
+ * name */
+ if (maybe && (strcmp(key, "basename") == 0))
+ {
+ maybe = is_correct_filename(value);
+ if (!maybe)
+ error_msg("Value of 'basename' (%s) is not a valid directory
name.",
+ value);
+ }
+
+ return maybe;
}
/* Handles a message received from client over socket. */
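Review bot: In `key_value_ok`, `isalpha(*i)` is called on a plain `char`, so a key byte of 0x80 or above is negative wherever `char` is signed and the call is undefined behaviour; cast it first, as in `maybe = isalpha((unsigned char)*i) || (*i == '-') || (*i == '_') || (*i == ' ');`. The loop body never runs for an empty key, so `""` is accepted even though the comment says the key has to be a valid filename; an early `if (*key == '\0') return FALSE;` would reject it. The `error_msg` for a bad 'basename' echoes `value` after it has failed `is_correct_filename`, and one way to fail is `printable_str`, so control characters can reach the log. Consider logging only that the value was rejected, or escaping it before printing.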
@@ -238,10 +268,21 @@ static void process_message(GHashTable *problem_info,
char *message)
{
key = xstrndup(message, position - message);
value = g_ascii_strdown(key, strlen(key));
- g_hash_table_insert(problem_info, key, value);
+ if (key_value_ok(key, value))
+ if (strcmp(key, FILENAME_UID) == 0)
+ {
+ error_msg("Ignoring value of %s, will be determined later.",
+ FILENAME_UID);
+ }
+ else
+ g_hash_table_insert(problem_info, key, value);
+ else
+ /* should use error_msg_and_die() here? */
+ error_msg("Invalid key or value format: %s", message);
}
else
{
+ /* should use error_msg_and_die() here? */
error_msg("Invalid message format: '%s'", message);
}
}
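Review bot: The two new reject paths (the `FILENAME_UID` branch and the `key_value_ok` failure branch) leave `key` and `value` unreleased, since the only hand-off of the freshly allocated `xstrndup` / `g_ascii_strdown` results is the `g_hash_table_insert` call that these paths skip. Assuming the table owns inserted entries (its creation is not visible here), each rejected message leaks both strings, so they should be freed explicitly on those paths. The nested `if`/`else` chain also relies on each `else` binding to the nearest unbraced `if`; a braced `if` / `else if` / `else` ladder, as sketched below, makes the pairing explicit. Separately, the context line shows `value` built as a lowercased copy of `key` rather than from the text after the separator; if the file really reads that way, the 'basename' check never sees the client's value. `process_message` begins outside this hunk, so the surrounding parsing is not reviewed here.

```c
/* … unchanged: key and value are allocated just above … */
if (!key_value_ok(key, value))
{
    /* should use error_msg_and_die() here? */
    error_msg("Invalid key or value format: %s", message);
    free(key);
    g_free(value);
}
else if (strcmp(key, FILENAME_UID) == 0)
{
    error_msg("Ignoring value of %s, will be determined later.",
              FILENAME_UID);
    free(key);
    g_free(value);
}
else
{
    /* ownership of key and value passes to the table here */
    g_hash_table_insert(problem_info, key, value);
}
```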
--
1.7.4.4