From 6a60dc2fe9a1daf9b2eac86a41278d956f7817af Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Wed, 23 Oct 2013 21:41:33 -0500 Subject: [PATCH] settings: validate hostnames from D-Bus (bgo #711179) Do some minimal verification of hostnames that come in via D-Bus, for length and content. Otherwise we'd get as far as asking glibc to set the system hostname, which would reject us. --- src/settings/nm-settings-error.h | 1 + src/settings/nm-settings.c | 35 ++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/src/settings/nm-settings-error.h b/src/settings/nm-settings-error.h index 7d629fa9fd..a2b4cd466c 100644 --- a/src/settings/nm-settings-error.h +++ b/src/settings/nm-settings-error.h @@ -40,6 +40,7 @@ typedef enum { NM_SETTINGS_ERROR_ADD_FAILED, /*< nick=AddFailed >*/ NM_SETTINGS_ERROR_SAVE_HOSTNAME_NOT_SUPPORTED, /*< nick=SaveHostnameNotSupported >*/ NM_SETTINGS_ERROR_SAVE_HOSTNAME_FAILED, /*< nick=SaveHostnameFailed >*/ + NM_SETTINGS_ERROR_HOSTNAME_INVALID, /*< nick=HostnameInvalid >*/ NM_SETTINGS_ERROR_UUID_EXISTS, /*< nick=UuidExists >*/ } NMSettingsError; diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c index e930815335..c5f68ddd48 100644 --- a/src/settings/nm-settings.c +++ b/src/settings/nm-settings.c @@ -1356,6 +1356,33 @@ pk_hostname_cb (NMAuthChain *chain, nm_auth_chain_unref (chain); } +static gboolean +validate_hostname (const char *hostname) +{ + const char *p; + gboolean dot = TRUE; + + if (!hostname || !hostname[0]) + return FALSE; + + for (p = hostname; *p; p++) { + if (*p == '.') { + if (dot) + return FALSE; + dot = TRUE; + } else { + if (!g_ascii_isalnum (*p) && (*p != '-') && (*p != '_')) + return FALSE; + dot = FALSE; + } + } + + if (dot) + return FALSE; + + return (p - hostname <= HOST_NAME_MAX); +} + static void impl_settings_save_hostname (NMSettings *self, const char *hostname, @@ -1365,6 +1392,14 @@ impl_settings_save_hostname (NMSettings *self, NMAuthChain *chain; GError *error = NULL; + /* Minimal validation of the hostname */ + if (!validate_hostname (hostname)) { + error = g_error_new_literal (NM_SETTINGS_ERROR, + NM_SETTINGS_ERROR_HOSTNAME_INVALID, + "The hostname was too long or contained invalid characters."); + goto done; + } + /* Do any of the plugins support setting the hostname? */ if (!get_plugin (self, NM_SYSTEM_CONFIG_INTERFACE_CAP_MODIFY_HOSTNAME)) { error = g_error_new_literal (NM_SETTINGS_ERROR,