From 2bb0d2047a661a85d27569e46aa9aca347d878a3 Mon Sep 17 00:00:00 2001
From: Andrew Bettison
Date: Mon, 2 Dec 2013 11:12:31 +1030
Subject: [PATCH] Enforce valid Rhizome 'service' and 'name' strings
---
 dataformats.c | 13 +++++++++++++
 dataformats.h | 1 +
 rhizome_bundle.c | 2 ++
 3 files changed, 16 insertions(+)
diff --git a/dataformats.c b/dataformats.c
index ed841ca2..1518ab80 100644
--- a/dataformats.c
+++ b/dataformats.c
@@ -171,6 +171,19 @@ int rhizome_str_is_manifest_service(const char *text)
 return *text == '\0';
 }
 
+/* A name cannot contain a LF because that is the Rhizome text manifest field terminator. For the
+ * time being, CR is not allowed either, because the Rhizome field terminator includes an optional
+ * CR. See rhizome_manifest_parse().
+ *
+ * @author Andrew Bettison
+ */
+int rhizome_str_is_manifest_name(const char *text)
+{
+ while (*text && *text != '\n' && *text != '\r')
+ ++text;
+ return *text == '\0';
+}
+
 int str_is_did(const char *did)
 {
 size_t len = 0;
diff --git a/dataformats.h b/dataformats.h
index 67afb746..a9abc661 100644
--- a/dataformats.h
+++ b/dataformats.h
@@ -15,6 +15,7 @@ int rhizome_str_is_bundle_crypt_key(const char *text);
 int rhizome_strn_is_file_hash(const char *text);
 int rhizome_str_is_file_hash(const char *text);
 int rhizome_str_is_manifest_service(const char *text);
+int rhizome_str_is_manifest_name(const char *text);
 
 void write_uint64(unsigned char *o,uint64_t v);
 void write_uint16(unsigned char *o,uint16_t v);
diff --git a/rhizome_bundle.c b/rhizome_bundle.c
index 77754411..e513f855 100644
--- a/rhizome_bundle.c
+++ b/rhizome_bundle.c
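Review bot: The comment above `rhizome_str_is_manifest_name()` in dataformats.c gives the reason for rejecting LF and CR but leaves the caller-facing contract unstated. From the body, the function returns 1 for an acceptable name and 0 otherwise, accepts the empty string and every byte other than LF and CR (other control characters included), and dereferences `text` without a NULL check. I would add a line such as `Returns 1 if text is a valid manifest name (possibly empty), 0 if it contains LF or CR; text must not be NULL.` Since the comment says LF terminates a manifest field, a name carrying one would presumably end the field early and leave the remainder to be read as further fields, so it is worth stating that this check is meant to run on any name taken from outside the process before it reaches the manifest.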
@@ -204,6 +204,7 @@ void _rhizome_manifest_del_bundle_key(struct __sourceloc __whence, rhizome_manif
 void _rhizome_manifest_set_service(struct __sourceloc __whence, rhizome_manifest *m, const char *service)
 {
 if (service) {
+ assert(rhizome_str_is_manifest_service(service));
 const char *v = rhizome_manifest_set(m, "service", service);
 assert(v); // TODO: remove known manifest fields from vars[]
 m->service = v;
@@ -223,6 +224,7 @@ void _rhizome_manifest_del_service(struct __sourceloc __whence, rhizome_manifest
 void _rhizome_manifest_set_name(struct __sourceloc __whence, rhizome_manifest *m, const char *name)
 {
 if (name) {
+ assert(rhizome_str_is_manifest_name(name));
 const char *v = rhizome_manifest_set(m, "name", name);
 assert(v); // TODO: remove known manifest fields from vars[]
 m->name = v;
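Review bot: `assert(rhizome_str_is_manifest_service(service))` in `_rhizome_manifest_set_service()` is the only enforcement this hunk adds, and an assert is a poor fit for a check on string content. Built with NDEBUG it disappears and an invalid value reaches `rhizome_manifest_set()`; built without it, a bad string aborts the process. The same applies to `assert(rhizome_str_is_manifest_name(name))` in the `_rhizome_manifest_set_name()` hunk that follows. Whether every caller validates first is not visible here, so if either string can originate from a request or a received manifest, the callers should reject it with an error before calling the setter, and each setter should carry a comment such as `/* Precondition: caller has validated the string; the assert is a debug-time check only */`. Both function bodies continue outside their hunks.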