From a797930bed5fdbee2d33eb8aa4e55f09a9799876 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 11 Mar 2011 13:55:20 +0200 Subject: [PATCH 1/2] Filter out invalid usernames RFC 2812 defines usernames as: user = 1*( %x01-09 / %x0B-0C / %x0E-1F / %x21-3F / %x41-FF ) ; any octet except NUL, CR, LF, " " and "@" http://tools.ietf.org/html/rfc2812#section-2.3.1 Fixes: https://bugs.freedesktop.org/35239 --- src/protocol.c | 31 ++++++++++++++++++++++++++++++- 1 files changed, 30 insertions(+), 1 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index a450e99..d6c4152 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -57,6 +57,34 @@ filter_nick (const TpCMParamSpec *paramspec, return TRUE; } +static gboolean +filter_username (const TpCMParamSpec *paramspec, + GValue *value, + GError **error) +{ + const gchar *username; + size_t i; + + g_assert (value); + g_assert (G_VALUE_HOLDS_STRING (value)); + + username = g_value_get_string (value); + + for (i = 0; username[i] != '\0'; i++) + { + const char ch = username[i]; + + if (ch == 0x00 || ch == 0x0A || ch == 0x0D || ch == 0x20 || ch == 0x40) + { + g_set_error (error, TP_ERRORS, TP_ERROR_INVALID_ARGUMENT, + "Invalid user name '%s'", username); + return FALSE; + } + } + + return TRUE; +} + static const TpCMParamSpec idle_params[] = { {"account", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, TP_CONN_MGR_PARAM_FLAG_REQUIRED, NULL, 0, filter_nick}, @@ -67,7 +95,8 @@ static const TpCMParamSpec idle_params[] = { { "password", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, TP_CONN_MGR_PARAM_FLAG_SECRET }, { "fullname", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, 0 }, - { "username", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, 0 }, + { "username", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, 0, NULL, 0, + filter_username }, { "charset", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, TP_CONN_MGR_PARAM_FLAG_HAS_DEFAULT, "UTF-8" }, { "quit-message", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING, 0 }, -- 1.7.4