#include <syslog.h>
#include <sys/utsname.h>
-#include "udev_libc_wrapper.h"
#include "udev.h"
-#include "logging.h"
-#include "udev_utils.h"
-#include "list.h"
/* compare string with pattern (like fnmatch(), supports * ? [0-9] [!A-Z]) */
int strcmp_pattern(const char *p, const char *s)
return 0;
}
-void remove_trailing_char(char *path, char c)
+void remove_trailing_chars(char *path, char c)
{
size_t len;
return len;
}
-void replace_untrusted_chars(char *string)
+/* replace everything but whitelisted plain ascii and valid utf8 */
+int replace_untrusted_chars(char *str)
{
- size_t len;
+ size_t i = 0;
+ int replaced = 0;
+
+ while (str[i] != '\0') {
+ int len;
+
+ /* valid printable ascii char */
+ if ((str[i] >= '0' && str[i] <= '9') ||
+ (str[i] >= 'A' && str[i] <= 'Z') ||
+ (str[i] >= 'a' && str[i] <= 'z') ||
+ strchr(" #$%+-./:=?@_,", str[i])) {
+ i++;
+ continue;
+ }
+ /* valid utf8 is accepted */
+ len = utf8_encoded_valid_unichar(&str[i]);
+ if (len > 1) {
+ i += len;
+ continue;
+ }
- for (len = 0; string[len] != '\0'; len++) {
- if (strchr(";,~\\()\'", string[len]))
- string[len] = '_';
+ /* everything else is garbage */
+ str[i] = '_';
+ i++;
+ replaced++;
}
+
+ return replaced;
}