From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 24 Nov 2023 14:07:52 +0000 (-0500)
Subject: attribute names should have at least one alphanumeric character
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62007bc9df2178347c2ef9ffd7532516d074a2a2;p=thirdparty%2Ffreeradius-server.git

attribute names should have at least one alphanumeric character

---.../// is not a valid attribute name
---

diff --git a/src/lib/util/dict_util.c b/src/lib/util/dict_util.c
index fc100abecf7..7ca9d032941 100644
--- a/src/lib/util/dict_util.c
+++ b/src/lib/util/dict_util.c
@@ -2755,9 +2755,11 @@ fr_slen_t fr_dict_attr_by_name_substr(fr_dict_attr_err_t *err, fr_dict_attr_t co
 	fr_dict_attr_t const	*da;
 	size_t			len;
 	fr_dict_attr_t const	*ref;
+	char const		*p;
 	char			buffer[FR_DICT_ATTR_MAX_NAME_LEN + 1 + 1];	/* +1 \0 +1 for "too long" */
 	fr_sbuff_t		our_name = FR_SBUFF(name);
 	fr_hash_table_t		*namespace;
+
 	*out = NULL;
 
 	len = fr_sbuff_out_bstrncpy_allowed(&FR_SBUFF_OUT(buffer, sizeof(buffer)),
@@ -2774,6 +2776,19 @@ fr_slen_t fr_dict_attr_by_name_substr(fr_dict_attr_err_t *err, fr_dict_attr_t co
 		FR_SBUFF_ERROR_RETURN(&our_name);
 	}
 
+	/*
+	 *	Do a second pass, ensuring that the name has at least one alpha-numeric character.
+	 */
+	for (p = buffer; p < (buffer + len); p++) {
+		if (sbuff_char_alpha_num[(uint8_t) *p]) break;
+	}
+
+	if ((size_t) (p - buffer) == len) {
+		fr_strerror_const("Invalid attribute name");
+		if (err) *err = FR_DICT_ATTR_PARSE_ERROR;
+		FR_SBUFF_ERROR_RETURN(&our_name);
+	}
+
 	ref = fr_dict_attr_ref(parent);
 	if (ref) parent = ref;
 
@@ -4104,6 +4119,7 @@ ssize_t fr_dict_valid_name(char const *name, ssize_t len)
 {
 	char const *p = name, *end;
 	bool unknown = false;
+	bool alnum = false;
 
 	if (len < 0) len = strlen(name);
 
@@ -4128,15 +4144,24 @@ ssize_t fr_dict_valid_name(char const *name, ssize_t len)
 
 			return -(p - name);
 		}
+
+		alnum |= sbuff_char_alpha_num[(uint8_t)*p];
+
 		p++;
 	}
 
+	if (!alnum) {
+		fr_strerror_const("Invalid attribute name");
+		return -1;
+	}
+
 	return len;
 }
 
 ssize_t fr_dict_valid_oid_str(char const *name, ssize_t len)
 {
 	char const *p = name, *end;
+	bool alnum = false;
 
 	if (len < 0) len = strlen(name);
 	end = p + len;
@@ -4148,9 +4173,13 @@ ssize_t fr_dict_valid_oid_str(char const *name, ssize_t len)
 
 			return -(p - name);
 		}
+
+		alnum |= sbuff_char_alpha_num[(uint8_t)*p];
 		p++;
 	} while (p < end);
 
+	if (!alnum) return 0;
+
 	return len;
 }