Commit 82c5a37b authored by David Woodhouse's avatar David Woodhouse

Check inputs for invalid UTF-8

Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 0f911e4a
......@@ -28,7 +28,8 @@ lib_srcs_gssapi = gssapi.c
lib_srcs_iconv = iconv.c
POTFILES = $(openconnect_SOURCES) $(lib_srcs_openssl) $(lib_srcs_gnutls) \
$(library_srcs) $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi)
$(library_srcs) $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) \
$(lib_srcs_iconv) openconnect-internal.h
if OPENCONNECT_GSSAPI
library_srcs += $(lib_srcs_gssapi)
......
......@@ -248,6 +248,8 @@ char *openconnect_get_hostname(struct openconnect_info *vpninfo)
void openconnect_set_hostname(struct openconnect_info *vpninfo, char *hostname)
{
UTF8CHECK_VOID(hostname);
free(vpninfo->hostname);
vpninfo->hostname = hostname;
free(vpninfo->unique_hostname);
......@@ -263,6 +265,8 @@ char *openconnect_get_urlpath(struct openconnect_info *vpninfo)
void openconnect_set_urlpath(struct openconnect_info *vpninfo, char *urlpath)
{
UTF8CHECK_VOID(urlpath);
vpninfo->urlpath = urlpath;
}
......@@ -276,6 +280,8 @@ void openconnect_set_xmlsha1(struct openconnect_info *vpninfo, const char *xmlsh
void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile)
{
UTF8CHECK_VOID(cafile);
vpninfo->cafile = cafile;
}
......@@ -331,6 +337,9 @@ void openconnect_set_xmlpost(struct openconnect_info *vpninfo, int enable)
void openconnect_set_client_cert(struct openconnect_info *vpninfo, char *cert, char *sslkey)
{
UTF8CHECK_VOID(cert);
UTF8CHECK_VOID(sslkey);
vpninfo->cert = cert;
if (sslkey)
vpninfo->sslkey = sslkey;
......@@ -374,6 +383,8 @@ int openconnect_parse_url(struct openconnect_info *vpninfo, char *url)
char *scheme = NULL;
int ret;
UTF8CHECK(url);
openconnect_set_hostname(vpninfo, NULL);
free(vpninfo->urlpath);
vpninfo->urlpath = NULL;
......@@ -596,6 +607,7 @@ static int set_hotp_mode(struct openconnect_info *vpninfo,
* read the token data from ~/.stokenrc.
*
* Return value:
* = -EILSEQ, if token_str is not valid UTF-8
* = -EOPNOTSUPP, if the underlying library (libstoken, liboath) is not
* available or an invalid token_mode was provided
* = -EINVAL, if the token string is invalid (token_str was provided)
......@@ -610,6 +622,8 @@ int openconnect_set_token_mode(struct openconnect_info *vpninfo,
{
vpninfo->token_mode = OC_TOKEN_MODE_NONE;
UTF8CHECK(token_str);
switch (token_mode) {
case OC_TOKEN_MODE_NONE:
return 0;
......@@ -637,6 +651,7 @@ int openconnect_set_token_mode(struct openconnect_info *vpninfo,
* DEPRECATED: use openconnect_set_stoken_mode() instead.
*
* Return value:
* = -EILSEQ, if token_str is not valid UTF-8
* = -EOPNOTSUPP, if libstoken is not available
* = -EINVAL, if the token string is invalid (token_str was provided)
* = -ENOENT, if ~/.stokenrc is missing (token_str was NULL)
......@@ -672,6 +687,9 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo, char *vpnc_sc
intptr_t tun_fd;
char *legacy_ifname;
UTF8CHECK(vpnc_script);
UTF8CHECK(ifname);
vpninfo->vpnc_script = vpnc_script;
vpninfo->ifname = ifname;
......
......@@ -671,4 +671,20 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *b
/* version.c */
extern const char *openconnect_version_str;
#define UTF8CHECK(arg) \
if ((arg) && buf_append_utf16le(NULL, (arg))) { \
vpn_progress(vpninfo, PRG_ERR, \
_("ERROR: %s() called with invalid UTF-8 for '%s' argument\n"),\
__func__, #arg); \
return -EILSEQ; \
}
#define UTF8CHECK_VOID(arg) \
if ((arg) && buf_append_utf16le(NULL, (arg))) { \
vpn_progress(vpninfo, PRG_ERR, \
_("ERROR: %s() called with invalid UTF-8 for '%s' argument\n"),\
__func__, #arg); \
return; \
}
#endif /* __OPENCONNECT_INTERNAL_H__ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment