summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Hanselmann <public@hansmi.ch>2021-06-08 23:27:26 +0200
committerMichael Hanselmann <public@hansmi.ch>2021-06-19 20:46:51 +0200
commit68d143f59258c249473ea743213e72bfd78d6a07 (patch)
tree3d65de546bc3a0f59a90ef1388da04915871d3d7
parentb0ee1209003adb4729f187a575209bc51a98e778 (diff)
Verify that rule separators are not empty
The `usbredirfilter_rules_to_string` function always dereferences its separator arguments, thus requiring at least one character. Parsing a rule string in `usbredirfilter_string_to_rules` can only work correctly when there's at least one separator character for both rules and tokens. Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Diffstat
-rw-r--r--tests/filter.c12
-rw-r--r--usbredirparser/usbredirfilter.c8
2 files changed, 20 insertions, 0 deletions
diff --git a/tests/filter.c b/tests/filter.c
index 311a861..cbdfde8 100644
--- a/tests/filter.c
+++ b/tests/filter.c
@@ -179,6 +179,18 @@ static const struct test test_cases[] = {
.filter = "0x03,-1,-1,-1,0|3|-1,-1,-1,-1,1",
.want_retval = -EINVAL,
},
+ {
+ .name = "empty token separator",
+ .filter = "0x03,-1,-1,-1,0",
+ .token_sep = "",
+ .want_retval = -EINVAL,
+ },
+ {
+ .name = "empty rule separator",
+ .filter = "0x03,-1,-1,-1,0",
+ .rule_sep = "",
+ .want_retval = -EINVAL,
+ },
};
static void
diff --git a/usbredirparser/usbredirfilter.c b/usbredirparser/usbredirfilter.c
index ee8f8b9..420370c 100644
--- a/usbredirparser/usbredirfilter.c
+++ b/usbredirparser/usbredirfilter.c
@@ -42,6 +42,10 @@ int usbredirfilter_string_to_rules(
char *buf = NULL;
const char *r;
+ if (strlen(token_sep) == 0 || strlen(rule_sep) == 0) {
+ return -EINVAL;
+ }
+
*rules_ret = NULL;
*rules_count_ret = 0;
@@ -113,6 +117,10 @@ char *usbredirfilter_rules_to_string(const struct usbredirfilter_rule *rules,
if (usbredirfilter_verify(rules, rules_count))
return NULL;
+ if (strlen(token_sep) == 0 || strlen(rule_sep) == 0) {
+ return NULL;
+ }
+
/* We need 28 bytes per rule in the worst case */
str = malloc(28 * rules_count + 1);
if (!str)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-31 15:54:09 +0000