From: Alan T. DeKok <aland@freeradius.org>
Date: Tue, 26 Sep 2023 13:11:14 +0000 (-0400)
Subject: enforce correct names on function registrations
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8e7638830dffbfcebdbbd63e73f190fedcabe5d;p=thirdparty%2Ffreeradius-server.git

enforce correct names on function registrations
---

diff --git a/src/lib/unlang/xlat_func.c b/src/lib/unlang/xlat_func.c
index 225778563f4..182f6304995 100644
--- a/src/lib/unlang/xlat_func.c
+++ b/src/lib/unlang/xlat_func.c
@@ -199,6 +199,8 @@ xlat_t *xlat_func_register_module(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx
 {
 	xlat_t	*c;
 	module_inst_ctx_t *our_mctx = NULL;
+	size_t len, used;
+	fr_sbuff_t in;
 	char inst_name[256];
 
 	fr_assert(xlat_root);
@@ -217,6 +219,16 @@ xlat_t *xlat_func_register_module(TALLOC_CTX *ctx, module_inst_ctx_t const *mctx
 		name = inst_name;
 	}
 
+	len = strlen(name);
+	in = FR_SBUFF_IN(name, len);
+	fr_sbuff_adv_past_allowed(&in, SIZE_MAX, xlat_func_chars, NULL);
+	used = fr_sbuff_used(&in);
+
+	if (used < len) {
+		ERROR("%s: Invalid character '%c' in dynamic expansion name '%s'", __FUNCTION__, name[used], name);
+		return NULL;
+	}
+
 	/*
 	 *	If it already exists, replace the instance.
 	 */
diff --git a/src/lib/unlang/xlat_priv.h b/src/lib/unlang/xlat_priv.h
index bd729081bc2..4a0ea8061a7 100644
--- a/src/lib/unlang/xlat_priv.h
+++ b/src/lib/unlang/xlat_priv.h
@@ -290,6 +290,11 @@ extern fr_dict_attr_t const *attr_expr_bool_enum;
 extern fr_dict_attr_t const *attr_module_return_code;
 extern fr_dict_attr_t const *attr_cast_base;
 
+/*
+ *	xlat_tokenize.c
+ */
+extern bool const xlat_func_chars[UINT8_MAX + 1];
+
 void		xlat_signal(xlat_func_signal_t signal, xlat_exp_t const *exp,
 			    request_t *request, void *rctx, fr_signal_t action);
 
diff --git a/src/lib/unlang/xlat_tokenize.c b/src/lib/unlang/xlat_tokenize.c
index da584da8883..bea978cf0b6 100644
--- a/src/lib/unlang/xlat_tokenize.c
+++ b/src/lib/unlang/xlat_tokenize.c
@@ -258,7 +258,7 @@ int xlat_validate_function_mono(xlat_exp_t *node)
 	return 0;
 }
 
-static bool const func_chars[UINT8_MAX + 1] = {
+bool const xlat_func_chars[UINT8_MAX + 1] = {
 	SBUFF_CHAR_CLASS_ALPHA_NUM,
 	['.'] = true, ['-'] = true, ['_'] = true,
 };
@@ -291,7 +291,7 @@ static inline int xlat_tokenize_function_mono(xlat_exp_head_t *head,
 	 *	%{module:args}
 	 */
 	fr_sbuff_marker(&m_s, in);
-	fr_sbuff_adv_past_allowed(in, SIZE_MAX, func_chars, NULL);
+	fr_sbuff_adv_past_allowed(in, SIZE_MAX, xlat_func_chars, NULL);
 
 	if (!fr_sbuff_is_char(in, ':')) {
 		fr_strerror_const("Can't find function/argument separator");
@@ -548,7 +548,7 @@ int xlat_tokenize_function_args(xlat_exp_head_t *head, fr_sbuff_t *in,
 	 *	%(module:args)
 	 */
 	fr_sbuff_marker(&m_s, in);
-	fr_sbuff_adv_past_allowed(in, SIZE_MAX, func_chars, NULL);
+	fr_sbuff_adv_past_allowed(in, SIZE_MAX, xlat_func_chars, NULL);
 
 	if (!fr_sbuff_is_char(in, ':')) {
 		fr_strerror_const("Can't find function/argument separator");
@@ -1012,7 +1012,7 @@ static int xlat_tokenize_string(xlat_exp_head_t *head,
 			fr_sbuff_marker_t m_s;
 
 			fr_sbuff_marker(&m_s, in);
-			fr_sbuff_adv_past_allowed(in, SIZE_MAX, func_chars, NULL);
+			fr_sbuff_adv_past_allowed(in, SIZE_MAX, xlat_func_chars, NULL);
 
 			/*
 			 *	Special-case: %% is just %