From 82c5a37bdd2cce80c1be53ac7781f3bdab7d9677 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Thu, 31 Jul 2014 16:42:46 +0100
Subject: [PATCH] Check inputs for invalid UTF-8

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
 Makefile.am            |  3 ++-
 library.c              | 18 ++++++++++++++++++
 openconnect-internal.h | 16 ++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index d0e378aa..d46447be 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,7 +28,8 @@ lib_srcs_gssapi = gssapi.c
 lib_srcs_iconv = iconv.c
 
 POTFILES = $(openconnect_SOURCES) $(lib_srcs_openssl) $(lib_srcs_gnutls) \
-	   $(library_srcs) $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi)
+	   $(library_srcs) $(lib_srcs_win32) $(lib_srcs_posix) $(lib_srcs_gssapi) \
+	   $(lib_srcs_iconv) openconnect-internal.h
 
 if OPENCONNECT_GSSAPI
 library_srcs += $(lib_srcs_gssapi)
diff --git a/library.c b/library.c
index c31b4858..7f40a92d 100644
--- a/library.c
+++ b/library.c
@@ -248,6 +248,8 @@ char *openconnect_get_hostname(struct openconnect_info *vpninfo)
 
 void openconnect_set_hostname(struct openconnect_info *vpninfo, char *hostname)
 {
+	UTF8CHECK_VOID(hostname);
+
 	free(vpninfo->hostname);
 	vpninfo->hostname = hostname;
 	free(vpninfo->unique_hostname);
@@ -263,6 +265,8 @@ char *openconnect_get_urlpath(struct openconnect_info *vpninfo)
 
 void openconnect_set_urlpath(struct openconnect_info *vpninfo, char *urlpath)
 {
+	UTF8CHECK_VOID(urlpath);
+
 	vpninfo->urlpath = urlpath;
 }
 
@@ -276,6 +280,8 @@ void openconnect_set_xmlsha1(struct openconnect_info *vpninfo, const char *xmlsh
 
 void openconnect_set_cafile(struct openconnect_info *vpninfo, char *cafile)
 {
+	UTF8CHECK_VOID(cafile);
+
 	vpninfo->cafile = cafile;
 }
 
@@ -331,6 +337,9 @@ void openconnect_set_xmlpost(struct openconnect_info *vpninfo, int enable)
 
 void openconnect_set_client_cert(struct openconnect_info *vpninfo, char *cert, char *sslkey)
 {
+	UTF8CHECK_VOID(cert);
+	UTF8CHECK_VOID(sslkey);
+
 	vpninfo->cert = cert;
 	if (sslkey)
 		vpninfo->sslkey = sslkey;
@@ -374,6 +383,8 @@ int openconnect_parse_url(struct openconnect_info *vpninfo, char *url)
 	char *scheme = NULL;
 	int ret;
 
+	UTF8CHECK(url);
+
 	openconnect_set_hostname(vpninfo, NULL);
 	free(vpninfo->urlpath);
 	vpninfo->urlpath = NULL;
@@ -596,6 +607,7 @@ static int set_hotp_mode(struct openconnect_info *vpninfo,
  * read the token data from ~/.stokenrc.
  *
  * Return value:
+ *  = -EILSEQ, if token_str is not valid UTF-8
  *  = -EOPNOTSUPP, if the underlying library (libstoken, liboath) is not
  *                 available or an invalid token_mode was provided
  *  = -EINVAL, if the token string is invalid (token_str was provided)
@@ -610,6 +622,8 @@ int openconnect_set_token_mode(struct openconnect_info *vpninfo,
 {
 	vpninfo->token_mode = OC_TOKEN_MODE_NONE;
 
+	UTF8CHECK(token_str);
+
 	switch (token_mode) {
 	case OC_TOKEN_MODE_NONE:
 		return 0;
@@ -637,6 +651,7 @@ int openconnect_set_token_mode(struct openconnect_info *vpninfo,
  * DEPRECATED: use openconnect_set_stoken_mode() instead.
  *
  * Return value:
+ *  = -EILSEQ, if token_str is not valid UTF-8
  *  = -EOPNOTSUPP, if libstoken is not available
  *  = -EINVAL, if the token string is invalid (token_str was provided)
  *  = -ENOENT, if ~/.stokenrc is missing (token_str was NULL)
@@ -672,6 +687,9 @@ int openconnect_setup_tun_device(struct openconnect_info *vpninfo, char *vpnc_sc
 	intptr_t tun_fd;
 	char *legacy_ifname;
 
+	UTF8CHECK(vpnc_script);
+	UTF8CHECK(ifname);
+
 	vpninfo->vpnc_script = vpnc_script;
 	vpninfo->ifname = ifname;
 
diff --git a/openconnect-internal.h b/openconnect-internal.h
index f5c370ce..0d275e41 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -671,4 +671,20 @@ int digest_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *b
 /* version.c */
 extern const char *openconnect_version_str;
 
+#define UTF8CHECK(arg) \
+	if ((arg) && buf_append_utf16le(NULL, (arg))) { \
+		vpn_progress(vpninfo, PRG_ERR,				\
+			     _("ERROR: %s() called with invalid UTF-8 for '%s' argument\n"),\
+			     __func__, #arg);				\
+		return -EILSEQ;						\
+	}
+
+#define UTF8CHECK_VOID(arg) \
+	if ((arg) && buf_append_utf16le(NULL, (arg))) { \
+		vpn_progress(vpninfo, PRG_ERR,				\
+			     _("ERROR: %s() called with invalid UTF-8 for '%s' argument\n"),\
+			     __func__, #arg);				\
+		return;							\
+	}
+
 #endif /* __OPENCONNECT_INTERNAL_H__ */