Browse code

- all fifo functions checks for user@host format

Bogdan-Andrei Iancu authored on 13/11/2003 22:08:00
Showing 2 changed files
... ...
@@ -432,6 +432,11 @@ static inline int build_userhost(struct sip_uri *uri, str *uh, int flg)
432 432
 		}
433 433
 	} else {
434 434
 		uh->s = buf;
435
+		if (uri->user.len+1+uri->host.len+1>MAX_USERHOST_LEN) {
436
+			LOG(L_ERR,"ERROR:cpl-c:build_userhost: user+host longer than %d\n",
437
+				MAX_USERHOST_LEN);
438
+			return -1;
439
+		}
435 440
 	}
436 441
 	memcpy( uh->s, uri->user.s, uri->user.len);
437 442
 	uh->len = uri->user.len;
... ...
@@ -42,6 +42,7 @@
42 42
 #include <sys/uio.h>
43 43
 #include <errno.h>
44 44
 #include <string.h>
45
+#include <ctype.h>
45 46
 #include "../../str.h"
46 47
 #include "../../dprint.h"
47 48
 #include "../../fifo_server.h"
... ...
@@ -196,6 +197,40 @@ again:
196 197
 
197 198
 
198 199
 
200
+static inline int check_userhost( char *p, char *end)
201
+{
202
+	char *p1;
203
+	int  dot;
204
+
205
+	/* parse user name */
206
+	p1 = p;
207
+	while (p<end && (isalnum(*p) || *p=='-' || *p=='_' || *p=='.' ))
208
+		p++;
209
+	if (p==p1 || p==end || *p!='@')
210
+		return -1;
211
+	p++;
212
+	/* parse the host part */
213
+	dot = 1;
214
+	p1 = p;
215
+	while (p<end) {
216
+		if (*p=='.') {
217
+			if (dot) return -1; /* dot after dot */
218
+			dot = 1;
219
+		} else if (isalnum(*p) || *p=='-' || *p=='_' ) {
220
+			dot = 0;
221
+		} else {
222
+			return -1;
223
+		}
224
+		p++;
225
+	}
226
+	if (p1==p || dot)
227
+		return -1;
228
+
229
+	return 0;
230
+}
231
+
232
+
233
+
199 234
 /* Triggered by fifo server -> implements LOAD_CPL command
200 235
  * Command format:
201 236
  * -----------------------
... ...
@@ -209,6 +244,7 @@ again:
209 244
  */
210 245
 #define FILE_LOAD_ERR "Error: Cannot read CPL file.\n"
211 246
 #define DB_SAVE_ERR   "Error: Cannot save CPL to database.\n"
247
+#define USRHOST_ERR   "Error: Bad user@host.\n"
212 248
 int cpl_load( FILE *fifo_stream, char *response_file )
213 249
 {
214 250
 	static char user[MAX_STATIC_BUF];
... ...
@@ -237,7 +273,7 @@ int cpl_load( FILE *fifo_stream, char *response_file )
237 273
 		goto error;
238 274
 	}
239 275
 	user[user_len] = 0;
240
-	DBG("DEBUG:cpl_load: user=%.*s\n",user_len,user);
276
+	DBG("DEBUG:cpl_load: user@host=%.*s\n",user_len,user);
241 277
 
242 278
 	/* second line must be the cpl file */
243 279
 	if (read_line( cpl_file, MAX_STATIC_BUF-1,fifo_stream,&cpl_file_len)!=1 ||
... ...
@@ -249,6 +285,15 @@ int cpl_load( FILE *fifo_stream, char *response_file )
249 285
 	cpl_file[cpl_file_len] = 0;
250 286
 	DBG("DEBUG:cpl-c:cpl_load: cpl file=%.*s\n",cpl_file_len,cpl_file);
251 287
 
288
+	/* check user+host */
289
+	if (check_userhost( user, user+user_len)!=0) {
290
+		LOG(L_ERR,"ERROR:cpl-c:cpl_load: invalid user@host [%.*s]\n",
291
+			user_len,user);
292
+		logs[1].s = USRHOST_ERR;
293
+		logs[1].len = strlen( USRHOST_ERR );
294
+		goto error1;
295
+	}
296
+
252 297
 	/* load the xml file - this function will allocted a buff for the loading
253 298
 	 * the cpl file and attach it to xml.s -> don't forget to free it! */
254 299
 	if (load_file( cpl_file, &xml)!=1) {
... ...
@@ -328,6 +373,15 @@ int cpl_remove( FILE *fifo_stream, char *response_file )
328 373
 	user[user_len] = 0;
329 374
 	DBG("DEBUG:cpl-c:cpl_remove: user=%.*s\n",user_len,user);
330 375
 
376
+	/* check user+host */
377
+	if (check_userhost( user, user+user_len)!=0) {
378
+		LOG(L_ERR,"ERROR:cpl-c:cpl_remove: invalid user@host [%.*s]\n",
379
+			user_len,user);
380
+		logs[1].s = USRHOST_ERR;
381
+		logs[1].len = strlen( USRHOST_ERR );
382
+		goto error1;
383
+	}
384
+
331 385
 	if (rmv_from_db( db_hdl, user)!=1) {
332 386
 		logs[1].s = DB_RMV_ERR;
333 387
 		logs[1].len = sizeof(DB_RMV_ERR);
... ...
@@ -357,11 +411,13 @@ error:
357 411
  * -----------------------
358 412
  * For the given user, return the CPL script in XML format
359 413
  */
414
+#define DB_GET_ERR   "Error: Database query failed.\n"
360 415
 int cpl_get( FILE *fifo_stream, char *response_file )
361 416
 {
362 417
 	static char user_s[MAX_STATIC_BUF];
363 418
 	str user = {user_s,0};
364 419
 	str script = {0,0};
420
+	str logs[2];
365 421
 
366 422
 	/* check the name of the response file */
367 423
 	if (response_file==0) {
... ...
@@ -379,9 +435,21 @@ int cpl_get( FILE *fifo_stream, char *response_file )
379 435
 	}
380 436
 	DBG("DEBUG:cpl-c:cpl_get: user=%.*s\n",user.len,user.s);
381 437
 
438
+	/* check user+host */
439
+	if (check_userhost( user.s, user.s+user.len)!=0) {
440
+		LOG(L_ERR,"ERROR:cpl-c:cpl_load: invalid user@host [%.*s]\n",
441
+			user.len,user.s);
442
+		logs[1].s = USRHOST_ERR;
443
+		logs[1].len = strlen( USRHOST_ERR );
444
+		goto error1;
445
+	}
446
+
382 447
 	/* get the script for this user */
383
-	if (get_user_script( db_hdl, &user, &script, "cpl_xml")==-1)
384
-		goto error;
448
+	if (get_user_script( db_hdl, &user, &script, "cpl_xml")==-1) {
449
+		logs[1].s = DB_GET_ERR;
450
+		logs[1].len = strlen( DB_GET_ERR );
451
+		goto error1;
452
+	}
385 453
 
386 454
 	/* write the response into response file - even if script is null */
387 455
 	write_to_file( response_file, &script, !(script.len==0) );
... ...
@@ -389,6 +457,10 @@ int cpl_get( FILE *fifo_stream, char *response_file )
389 457
 	if (script.s) shm_free( script.s );
390 458
 
391 459
 	return 1;
460
+error1:
461
+	logs[0].s = "ERROR\n";
462
+	logs[0].len = 6;
463
+	write_to_file( response_file, logs, 2);
392 464
 error:
393 465
 	return -1;
394 466
 }