From: Arvin Schnell <aschnell@suse.de>
Date: Tue, 10 May 2011 10:02:58 +0000 (+0200)
Subject: - added more checks
X-Git-Tag: v0.1.3~388
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fee8acc34166dfc721119e9ad0996d2b84321163;p=thirdparty%2Fsnapper.git

- added more checks
---

diff --git a/snapper/Snapper.cc b/snapper/Snapper.cc
index a64fb0a9..07b283ab 100644
--- a/snapper/Snapper.cc
+++ b/snapper/Snapper.cc
@@ -24,6 +24,7 @@
 #include <sys/types.h>
 #include <glob.h>
 #include <string.h>
+#include <boost/algorithm/string.hpp>
 
 #include "config.h"
 #include "snapper/Snapper.h"
@@ -543,6 +544,16 @@ namespace snapper
 	y2mil("config_name:" << config_name << " subvolume:" << subvolume <<
 	      " template_name:" << template_name);
 
+	if (config_name.empty() || config_name.find_first_of(" \t") != string::npos)
+	{
+	    throw AddConfigFailedException("illegal config");
+	}
+
+	if (!boost::starts_with(subvolume, "/"))
+	{
+	    throw AddConfigFailedException("illegal subvolume");
+	}
+
 	if (access(string(CONFIGTEMPLATEDIR "/" + template_name).c_str(), R_OK) != 0)
 	{
 	    throw AddConfigFailedException("cannot access template config");