adds detection of wrong names for apis

Change-Id: I5466879bc2d9a60992605bf2514f78d3121f8114
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

diff --git a/src/afb-api-dbus.c b/src/afb-api-dbus.c
index 52d449f..edbb1ed 100644 (file)
--- a/src/afb-api-dbus.c
+++ b/src/afb-api-dbus.c
@@ -91,6 +91,10 @@ static struct api_dbus *make_api_dbus_3(int system, const char *path, size_t pat
                goto error2;
        }
        api->api++;
+       if (!afb_apis_is_valid_api_name(api->api)) {
+               errno = EINVAL;
+               goto error2;
+       }
 
        /* the name/interface is copied after the path */
        api->name = &api->path[pathlen + 1];

diff --git a/src/afb-api-so.c b/src/afb-api-so.c
index 9b7e994..bcd8dbe 100644 (file)
--- a/src/afb-api-so.c
+++ b/src/afb-api-so.c
@@ -187,6 +187,10 @@ int afb_api_so_add_plugin(const char *path)
                ERROR("plugin [%s] bad prefix...", path);
                goto error3;
        }
+       if (!afb_apis_is_valid_api_name(desc->plugin->v1.prefix)) {
+               ERROR("plugin [%s] invalid prefix...", path);
+               goto error3;
+       }
        if (desc->plugin->v1.info == NULL || *desc->plugin->v1.info == 0) {
                ERROR("plugin [%s] bad description...", path);
                goto error3;

diff --git a/src/afb-apis.c b/src/afb-apis.c
index 5ebc96f..e8e7ced 100644 (file)
--- a/src/afb-apis.c
+++ b/src/afb-apis.c
@@ -42,16 +42,45 @@ int afb_apis_count()
        return apis_count;
 }
 
+int afb_apis_is_valid_api_name(const char *name)
+{
+       unsigned char c;
+
+       c = (unsigned char)*name;
+       if (c == 0)
+               return 0;
+       do {
+               if (c < (unsigned char)'\x80') {
+                       switch(c) {
+                       default:
+                               if (c > ' ')
+                                       break;
+                       case '"':
+                       case '#':
+                       case '%':
+                       case '&':
+                       case '\'':
+                       case '/':
+                       case '?':
+                       case '`':
+                       case '\\':
+                       case '\x7f':
+                               return 0;
+                       }
+               }
+               c = (unsigned char)*++name;
+       } while(c != 0);
+       return 1;
+}
+
 int afb_apis_add(const char *name, struct afb_api api)
 {
        struct api_desc *apis;
-       size_t len;
        int i;
 
-       /* check existing or not */
-       len = strlen(name);
-       if (len == 0) {
-               ERROR("empty api name forbidden");
+       /* Checks the api name */
+       if (!afb_apis_is_valid_api_name(name)) {
+               ERROR("invalid api name forbidden (name is '%s')", name);
                goto error;
        }
 
@@ -74,7 +103,7 @@ int afb_apis_add(const char *name, struct afb_api api)
        /* record the plugin */
        apis = &apis_array[apis_count];
        apis->api = api;
-       apis->namelen = len;
+       apis->namelen = strlen(name);
        apis->name = name;
        apis_count++;
 

diff --git a/src/afb-apis.h b/src/afb-apis.h
index 7696978..e269b4c 100644 (file)
--- a/src/afb-apis.h
+++ b/src/afb-apis.h
@@ -28,6 +28,7 @@ struct afb_api
 
 
 extern int afb_apis_count();
+extern int afb_apis_is_valid_api_name(const char *name);
 extern int afb_apis_add(const char *name, struct afb_api api);
 extern void afb_apis_call(struct afb_req req, struct afb_context *context, const char *api, size_t lenapi, const char *verb, size_t lenverb);
 extern void afb_apis_call_(struct afb_req req, struct afb_context *context, const char *api, const char *verb);