Forbid zero length tags, tags with leading '-', tags with leading or
trailing whitespace, and tags containing whitespace other than space ' '.
Signed-off-by: Jani Nikula <jani at nikula.org>
---
notmuch-client.h | 1 +
notmuch-tag.c | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/notmuch-client.h b/notmuch-client.h
index b50cb38..ff286b0 100644
--- a/notmuch-client.h
+++ b/notmuch-client.h
@@ -46,6 +46,7 @@
#include <dirent.h>
#include <errno.h>
#include <signal.h>
+#include <ctype.h>
#include <talloc.h>
diff --git a/notmuch-tag.c b/notmuch-tag.c
index dded39e..fb7a2f3 100644
--- a/notmuch-tag.c
+++ b/notmuch-tag.c
@@ -30,6 +30,22 @@ handle_sigint (unused (int sig))
interrupted = 1;
}
+static int
+tag_valid(const char *tag)
+{
+ /* no zero length tag, leading whitespace or leading - */
+ if (*tag == '\0' || isspace ((unsigned char) *tag) || *tag == '-')
+ return 0;
+
+ /* no whitespace except ' ', no trailing whitespace */
+ for (tag++; *tag; tag++) {
+ if (isspace ((unsigned char) *tag) && (*tag != ' ' || *(tag+1) == '\0'))
+ return 0;
+ }
+
+ return 1;
+}
+
int
notmuch_tag_command (void *ctx, unused (int argc), unused (char *argv[]))
{
@@ -73,6 +89,10 @@ notmuch_tag_command (void *ctx, unused (int argc), unused
(char *argv[]))
break;
}
if (argv[i][0] == '+') {
+ if (!tag_valid (argv[i] + 1)) {
+ fprintf (stderr, "Error: Invalid tag %s\n", argv[i] + 1);
+ return 1;
+ }
add_tags[add_tags_count++] = i;
} else if (argv[i][0] == '-') {
remove_tags[remove_tags_count++] = i;
--
1.7.5.4
