Since we are using the UUID in the filesystem paths, we must make sure
that no malicious content is in the field.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
__pakfire_which(pakfire, path, sizeof(path), what)
int __pakfire_which(struct pakfire* pakfire, char* path, const size_t length, const char* what);
+// UUID Stuff
+
+int pakfire_uuid_is_valid(const char* s);
char* pakfire_generate_uuid(void);
int pakfire_tty_is_noninteractive(void);
return 1;
}
- // XXX check if the UUID is valid
-
return pakfire_cache_path(pkg->pakfire, pkg->cache_path, "%s/%s", uuid, filename);
}
case PAKFIRE_PKG_UUID:
ret = solvable_lookup_str(s, SOLVABLE_PKGID);
+
+ // Validate the UUID
+ if (!pakfire_uuid_is_valid(ret)) {
+ errno = EINVAL;
+ return NULL;
+ }
+
break;
case PAKFIRE_PKG_SUMMARY:
case PAKFIRE_PKG_UUID:
id = SOLVABLE_PKGID;
+
+ // Validate the UUID
+ if (!pakfire_uuid_is_valid(value))
+ return -EINVAL;
+
break;
case PAKFIRE_PKG_SUMMARY:
return ret;
}
+int pakfire_uuid_is_valid(const char* s) {
+ uuid_t uuid;
+ int r;
+
+ // Check if we can parse the UUID
+ r = uuid_parse(s, uuid);
+
+ return (r == 0);
+}
+
int pakfire_tty_is_noninteractive(void) {
const int fds[] = {
STDIN_FILENO,