fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-06-10 13:48:25 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

libnm-sd-shared: reject urls containing control characters, quotes and backslashes

Browse source
This commit is contained in:
Jan Vaclav 2026-06-08 13:05:33 +02:00
parent 87a7700460
commit af9c1baaf0
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/libnm-systemd-shared/nm-sd-utils-shared.c
View file

@ -53,6 +53,12 @@ nm_sd_dns_name_normalize(const char *s)
/*****************************************************************************/
static gboolean
_http_url_is_invalid_char(char ch)
{
return (guchar) ch >= 128u || (guchar) ch < 0x20 || NM_IN_SET(ch, '"', '\\');
}
static gboolean
_http_url_is_valid(const char *url, gboolean only_https)
{
@ -69,7 +75,7 @@ _http_url_is_valid(const char *url, gboolean only_https)
if (!url[0])
return FALSE;
return !NM_STRCHAR_ANY(url, ch, (guchar) ch >= 128u);
return !NM_STRCHAR_ANY(url, ch, _http_url_is_invalid_char(ch));
}
gboolean
@ -82,12 +88,13 @@ nm_sd_http_url_is_valid_https(const char *url)
* assert with http_url_is_valid() that the argument is valid. We thus must make
* sure to only pass URLs that are valid according to http_url_is_valid().
*
* This is given, because our nm_sd_http_url_is_valid_https() is more strict
* than http_url_is_valid().
* This is given, because our nm_sd_http_url_is_valid_https() is more restrictive
* than http_url_is_valid(). The assertion below checks that anything we accept,
* systemd must also accept.
*
* We only must make sure that this is also correct in the future, when we
* re-import systemd code. */
nm_assert(_http_url_is_valid(url, FALSE) == http_url_is_valid(url));
nm_assert(!_http_url_is_valid(url, FALSE) || http_url_is_valid(url));
return _http_url_is_valid(url, TRUE);
}