mirror of git://git.sysmocom.de/ofono
stkagent: Sanitize any output from the agent
This commit is contained in:
parent
af9951d5d0
commit
ce79121d27
|
@ -59,6 +59,9 @@ struct stk_agent {
|
|||
DBusPendingCall *call;
|
||||
void *user_cb;
|
||||
void *user_data;
|
||||
int min_length;
|
||||
int max_length;
|
||||
ofono_bool_t hidden_entry;
|
||||
ofono_destroy_func user_destroy;
|
||||
|
||||
const struct stk_menu *request_selection_menu;
|
||||
|
@ -539,14 +542,24 @@ static void get_digit_cb(DBusPendingCall *call, void *data)
|
|||
|
||||
if (dbus_message_get_args(reply, NULL,
|
||||
DBUS_TYPE_STRING, &digit,
|
||||
DBUS_TYPE_INVALID) == FALSE ||
|
||||
strlen(digit) != 1 ||
|
||||
!valid_phone_number_format(digit)) {
|
||||
DBUS_TYPE_INVALID) == FALSE) {
|
||||
ofono_error("Can't parse the reply to GetDigit()");
|
||||
remove_agent = TRUE;
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (strlen(digit) != 1 || !strspn(digit, "0123456789*#+")) {
|
||||
ofono_error("Invalid character");
|
||||
remove_agent = TRUE;
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (agent->hidden_entry && digit[0] == '+') {
|
||||
ofono_error("The character + is not allowed in this mode");
|
||||
remove_agent = TRUE;
|
||||
goto error;
|
||||
}
|
||||
|
||||
cb(result, digit, agent->user_data);
|
||||
|
||||
CALLBACK_END();
|
||||
|
@ -578,6 +591,7 @@ int stk_agent_request_digit(struct stk_agent *agent, const char *text,
|
|||
agent->user_cb = cb;
|
||||
agent->user_data = user_data;
|
||||
agent->user_destroy = destroy;
|
||||
agent->hidden_entry = FALSE;
|
||||
|
||||
dbus_pending_call_set_notify(agent->call, get_digit_cb, agent, NULL);
|
||||
|
||||
|
@ -610,6 +624,7 @@ int stk_agent_request_quick_digit(struct stk_agent *agent, const char *text,
|
|||
agent->user_cb = cb;
|
||||
agent->user_data = user_data;
|
||||
agent->user_destroy = destroy;
|
||||
agent->hidden_entry = TRUE;
|
||||
|
||||
dbus_pending_call_set_notify(agent->call, get_digit_cb, agent, NULL);
|
||||
|
||||
|
@ -692,6 +707,7 @@ static void get_digits_cb(DBusPendingCall *call, void *data)
|
|||
enum stk_agent_result result;
|
||||
gboolean remove_agent;
|
||||
char *string;
|
||||
int len, span;
|
||||
|
||||
if (check_error(agent, reply,
|
||||
ALLOWED_ERROR_GO_BACK | ALLOWED_ERROR_TERMINATE,
|
||||
|
@ -713,6 +729,25 @@ static void get_digits_cb(DBusPendingCall *call, void *data)
|
|||
goto error;
|
||||
}
|
||||
|
||||
len = strlen(string);
|
||||
|
||||
if (len < agent->min_length || len > agent->max_length) {
|
||||
ofono_error("Length not acceptable");
|
||||
remove_agent = TRUE;
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (agent->hidden_entry)
|
||||
span = strspn(string, "0123456789*#");
|
||||
else
|
||||
span = strspn(string, "0123456789*#+");
|
||||
|
||||
if (span != len) {
|
||||
ofono_error("Invalid character found");
|
||||
remove_agent = TRUE;
|
||||
goto error;
|
||||
}
|
||||
|
||||
cb(result, string, agent->user_data);
|
||||
|
||||
CALLBACK_END();
|
||||
|
@ -756,6 +791,9 @@ int stk_agent_request_digits(struct stk_agent *agent, const char *text,
|
|||
agent->user_cb = cb;
|
||||
agent->user_data = user_data;
|
||||
agent->user_destroy = destroy;
|
||||
agent->min_length = min_val;
|
||||
agent->max_length = max_val;
|
||||
agent->hidden_entry = hidden_val;
|
||||
|
||||
dbus_pending_call_set_notify(agent->call, get_digits_cb, agent, NULL);
|
||||
|
||||
|
@ -770,6 +808,7 @@ static void get_input_cb(DBusPendingCall *call, void *data)
|
|||
enum stk_agent_result result;
|
||||
gboolean remove_agent;
|
||||
char *string;
|
||||
int len;
|
||||
|
||||
if (check_error(agent, reply,
|
||||
ALLOWED_ERROR_GO_BACK | ALLOWED_ERROR_TERMINATE,
|
||||
|
@ -791,6 +830,14 @@ static void get_input_cb(DBusPendingCall *call, void *data)
|
|||
goto error;
|
||||
}
|
||||
|
||||
len = g_utf8_strlen(string, -1);
|
||||
|
||||
if (len < agent->min_length || len > agent->max_length) {
|
||||
ofono_error("Length not acceptable");
|
||||
remove_agent = TRUE;
|
||||
goto error;
|
||||
}
|
||||
|
||||
cb(result, string, agent->user_data);
|
||||
|
||||
CALLBACK_END();
|
||||
|
@ -835,6 +882,9 @@ int stk_agent_request_input(struct stk_agent *agent, const char *text,
|
|||
agent->user_cb = cb;
|
||||
agent->user_data = user_data;
|
||||
agent->user_destroy = destroy;
|
||||
agent->min_length = min_val;
|
||||
agent->max_length = max_val;
|
||||
agent->hidden_entry = hidden_val;
|
||||
|
||||
dbus_pending_call_set_notify(agent->call, get_input_cb, agent, NULL);
|
||||
|
||||
|
|
Loading…
Reference in New Issue