From 8cd9b87c914e82e0e366b64b3b954761ba8135d9 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Mon, 8 Jun 2020 16:55:40 +0200 Subject: [PATCH] lldp: backslash escape untrusted chassis-id,port-id strings This is a serious issue, because this is not guaranteed to be UTF-8 data. Fixes: 07a9364d9c15 ('device: export list of LLDP neighbors through D-Bus') --- src/devices/nm-lldp-listener.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/devices/nm-lldp-listener.c b/src/devices/nm-lldp-listener.c index decc97e55d..34250f82fe 100644 --- a/src/devices/nm-lldp-listener.c +++ b/src/devices/nm-lldp-listener.c @@ -522,7 +522,8 @@ lldp_neighbor_new (sd_lldp_neighbor *neighbor_sd, GError **error) case SD_LLDP_CHASSIS_SUBTYPE_INTERFACE_NAME: case SD_LLDP_CHASSIS_SUBTYPE_LOCALLY_ASSIGNED: case SD_LLDP_CHASSIS_SUBTYPE_CHASSIS_COMPONENT: - neigh->chassis_id = g_strndup ((const char *) chassis_id, chassis_id_len); + neigh->chassis_id = nm_utils_buf_utf8safe_escape_cp (chassis_id, chassis_id_len, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL | NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII) + ?: g_new0 (char, 1); break; case SD_LLDP_CHASSIS_SUBTYPE_MAC_ADDRESS: neigh->chassis_id = nm_utils_hwaddr_ntoa (chassis_id, chassis_id_len); @@ -538,7 +539,8 @@ lldp_neighbor_new (sd_lldp_neighbor *neighbor_sd, GError **error) case SD_LLDP_PORT_SUBTYPE_INTERFACE_NAME: case SD_LLDP_PORT_SUBTYPE_LOCALLY_ASSIGNED: case SD_LLDP_PORT_SUBTYPE_PORT_COMPONENT: - neigh->port_id = strndup ((char *) port_id, port_id_len); + neigh->port_id = nm_utils_buf_utf8safe_escape_cp (port_id, port_id_len, NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_CTRL | NM_UTILS_STR_UTF8_SAFE_FLAG_ESCAPE_NON_ASCII) + ?: g_new0 (char, 1); break; case SD_LLDP_PORT_SUBTYPE_MAC_ADDRESS: neigh->port_id = nm_utils_hwaddr_ntoa (port_id, port_id_len);