diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-02-10 17:30:37 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-10 13:30:01 -0500 |
commit | 21a053f0b004eef4c8beb4b36ed13a55c9ee1e28 (patch) | |
tree | 94d72260e0a612b07c39d399ec827ca3169d605f /src | |
parent | db419c61035cb262010cc8d5a4047191c2b60f05 (diff) | |
download | sssd-21a053f0b004eef4c8beb4b36ed13a55c9ee1e28.tar.gz sssd-21a053f0b004eef4c8beb4b36ed13a55c9ee1e28.tar.bz2 sssd-21a053f0b004eef4c8beb4b36ed13a55c9ee1e28.zip |
SUDO responder: check if the input is a UTF-8 string
https://fedorahosted.org/sssd/ticket/1171
Diffstat (limited to 'src')
-rw-r--r-- | src/responder/sudo/sudosrv_cmd.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/responder/sudo/sudosrv_cmd.c b/src/responder/sudo/sudosrv_cmd.c index f179b923..52023bec 100644 --- a/src/responder/sudo/sudosrv_cmd.c +++ b/src/responder/sudo/sudosrv_cmd.c @@ -194,6 +194,13 @@ static int sudosrv_cmd_get_sudorules(struct cli_ctx *cli_ctx) goto done; } + /* If the body isn't valid UTF-8, fail */ + if (!sss_utf8_check(query_body, query_len - 1)) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Supplied data is not valid UTF-8 string\n")); + ret = EINVAL; + goto done; + } + /* parse query */ rawname = sudosrv_get_sudorules_parse_query(cmd_ctx, (const char*)query_body, |