fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-06-10 17:18:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

libnm-sd-shared: reject urls containing control characters, quotes and backslashes

Browse source
This commit is contained in:
Jan Vaclav 2026-06-08 13:05:33 +02:00
parent b5b0dcc90f
commit 2cc705a154
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/libnm-systemd-shared/nm-sd-utils-shared.c
View file

@ -52,6 +52,11 @@ nm_sd_dns_name_normalize(const char *s)
}
/*****************************************************************************/
static gboolean
_http_url_is_invalid_char(char ch)
{
return (guchar) ch >= 128u || (guchar) ch < 0x20 || NM_IN_SET(ch, '"', '\\');
}
static gboolean
_http_url_is_valid(const char *url, gboolean only_https)
@ -69,7 +74,7 @@ _http_url_is_valid(const char *url, gboolean only_https)
if (!url[0])
return FALSE;
return !NM_STRCHAR_ANY(url, ch, (guchar) ch >= 128u);
return !NM_STRCHAR_ANY(url, ch, _http_url_is_invalid_char(ch));
}
gboolean
@ -82,12 +87,13 @@ nm_sd_http_url_is_valid_https(const char *url)
* assert with http_url_is_valid() that the argument is valid. We thus must make
* sure to only pass URLs that are valid according to http_url_is_valid().
*
* This is given, because our nm_sd_http_url_is_valid_https() is more strict
* than http_url_is_valid().
* This is given, because our nm_sd_http_url_is_valid_https() is more restrictive
* than http_url_is_valid(). The assertion below checks that anything we accept,
* systemd must also accept.
*
* We only must make sure that this is also correct in the future, when we
* re-import systemd code. */
nm_assert(_http_url_is_valid(url, FALSE) == http_url_is_valid(url));
nm_assert(!_http_url_is_valid(url, FALSE) || http_url_is_valid(url));
return _http_url_is_valid(url, TRUE);
}