Skip to content
Permalink
Browse files Browse the repository at this point in the history
lib: add a function checking file names
Move the code from ABRT and extend it a bit:
* allow only 64 characters
* allow '.' in names (vmcore_dmesg.txt)
* forbid '/'
* forbid "."
* forbid ".."

Related: #1214451

Signed-off-by: Jakub Filak <jfilak@redhat.com>
  • Loading branch information
Jakub Filak committed Apr 28, 2015
1 parent e76a865 commit 54ecf8d
Show file tree
Hide file tree
Showing 5 changed files with 83 additions and 1 deletion.
6 changes: 6 additions & 0 deletions src/include/internal_libreport.h
Expand Up @@ -132,6 +132,12 @@ char *concat_path_file(const char *path, const char *filename);
#define concat_path_basename libreport_concat_path_basename
char *concat_path_basename(const char *path, const char *filename);

/* Allows all printable characters except '/',
* the string must not exceed 64 characters of length
* and must not equal neither "." nor ".." (these strings may appear in the string) */
#define str_is_correct_filename libreport_str_is_correct_filename
bool str_is_correct_filename(const char *str);

/* A-la fgets, but malloced and of unlimited size */
#define xmalloc_fgets libreport_xmalloc_fgets
char *xmalloc_fgets(FILE *file);
Expand Down
25 changes: 25 additions & 0 deletions src/lib/concat_path_file.c
Expand Up @@ -57,3 +57,28 @@ char *concat_path_basename(const char *path, const char *filename)
free(abspath);
return name;
}

bool str_is_correct_filename(const char *str)
{
#define NOT_PRINTABLE(c) (c < ' ' || c == 0x7f)

if (NOT_PRINTABLE(*str) || *str == '/' || *str == '\0')
return false;
++str;

if (NOT_PRINTABLE(*str) || *str =='/' || (*str == '\0' && *(str-1) == '.'))
return false;
++str;

if (NOT_PRINTABLE(*str) || *str =='/' || (*str == '\0' && *(str-1) == '.' && *(str-2) == '.'))
return false;
++str;

for (unsigned i = 0; *str != '\0' && i < 61; ++str, ++i)
if (NOT_PRINTABLE(*str) || *str == '/')
return false;

return *str == '\0';

#undef NOT_PRINTABLE
}
3 changes: 2 additions & 1 deletion tests/Makefile.am
Expand Up @@ -42,7 +42,8 @@ TESTSUITE_AT = \
report_python.at \
xfuncs.at \
string_list.at \
ureport.at
ureport.at \
dump_dir.at

EXTRA_DIST += $(TESTSUITE_AT)
TESTSUITE = $(srcdir)/testsuite
Expand Down
49 changes: 49 additions & 0 deletions tests/dump_dir.at
@@ -0,0 +1,49 @@
# -*- Autotest -*-

AT_BANNER([dump directories])

## ----------------------- ##
## str_is_correct_filename ##
## ----------------------- ##

AT_TESTFUN([str_is_correct_filename],
[[
#include "internal_libreport.h"
#include <assert.h>
#
int main(void)
{
g_verbose = 3;

assert(str_is_correct_filename("") == false);
assert(str_is_correct_filename("/") == false);
assert(str_is_correct_filename("//") == false);
assert(str_is_correct_filename(".") == false);
assert(str_is_correct_filename(".") == false);
assert(str_is_correct_filename("..") == false);
assert(str_is_correct_filename("..") == false);
assert(str_is_correct_filename("/.") == false);
assert(str_is_correct_filename("//.") == false);
assert(str_is_correct_filename("./") == false);
assert(str_is_correct_filename(".//") == false);
assert(str_is_correct_filename("/./") == false);
assert(str_is_correct_filename("/..") == false);
assert(str_is_correct_filename("//..") == false);
assert(str_is_correct_filename("../") == false);
assert(str_is_correct_filename("..//") == false);
assert(str_is_correct_filename("/../") == false);
assert(str_is_correct_filename("/.././") == false);

assert(str_is_correct_filename("looks-good-but-evil/") == false);
assert(str_is_correct_filename("looks-good-but-evil/../../") == false);

assert(str_is_correct_filename(".meta-data") == true);
assert(str_is_correct_filename("..meta-meta-data") == true);
assert(str_is_correct_filename("meta-..-data") == true);

assert(str_is_correct_filename("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890+-") == true);
assert(str_is_correct_filename("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890+-=") == false);

return 0;
}
]])
1 change: 1 addition & 0 deletions tests/testsuite.at
Expand Up @@ -17,3 +17,4 @@ m4_include([xml_definition.at])
m4_include([report_python.at])
m4_include([string_list.at])
m4_include([ureport.at])
m4_include([dump_dir.at])

0 comments on commit 54ecf8d

Please sign in to comment.