From 05f146f8171f6028e84752e4698d36e95e00ee89 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sun, 11 Oct 2015 19:31:44 +0200
Subject: [PATCH] Validate section names from site.conf in various packages

---
 package/gluon-autoupdater/check_site.lua    | 2 ++
 package/gluon-mesh-vpn-fastd/check_site.lua | 4 ++++
 package/gluon-simple-tc/check_site.lua      | 2 ++
 scripts/check_site_lib.lua                  | 6 ++++++
 4 files changed, 14 insertions(+)

diff --git a/package/gluon-autoupdater/check_site.lua b/package/gluon-autoupdater/check_site.lua
index 1d8996f05..9f443fec5 100644
--- a/package/gluon-autoupdater/check_site.lua
+++ b/package/gluon-autoupdater/check_site.lua
@@ -1,6 +1,8 @@
 need_string 'autoupdater.branch'
 
 local function check_branch(k, _)
+   assert_uci_name(k)
+
    local prefix = string.format('autoupdater.branches[%q].', k)
 
    need_string(prefix .. 'name')
diff --git a/package/gluon-mesh-vpn-fastd/check_site.lua b/package/gluon-mesh-vpn-fastd/check_site.lua
index 7a2c4913d..7960ea191 100644
--- a/package/gluon-mesh-vpn-fastd/check_site.lua
+++ b/package/gluon-mesh-vpn-fastd/check_site.lua
@@ -6,6 +6,8 @@ need_boolean('fastd_mesh_vpn.configurable', false)
 
 local function check_peer(prefix)
   return function(k, _)
+    assert_uci_name(k)
+
     local table = string.format('%s[%q].', prefix, k)
 
     need_string(table .. 'key')
@@ -15,6 +17,8 @@ end
 
 local function check_group(prefix)
   return function(k, _)
+    assert_uci_name(k)
+
     local table = string.format('%s[%q].', prefix, k)
 
     need_number(table .. 'limit', false)
diff --git a/package/gluon-simple-tc/check_site.lua b/package/gluon-simple-tc/check_site.lua
index 95d4fd81c..3b8ddc534 100644
--- a/package/gluon-simple-tc/check_site.lua
+++ b/package/gluon-simple-tc/check_site.lua
@@ -1,4 +1,6 @@
 local function check_entry(k, _)
+   assert_uci_name(k)
+
    local prefix = string.format('simple_tc[%q].', k)
 
    need_string(prefix .. 'ifname')
diff --git a/scripts/check_site_lib.lua b/scripts/check_site_lib.lua
index 994893024..766b94a94 100644
--- a/scripts/check_site_lib.lua
+++ b/scripts/check_site_lib.lua
@@ -12,6 +12,12 @@ local function assert_type(var, t, msg)
 end
 
 
+function assert_uci_name(var)
+   -- We don't use character classes like %w here to be independent of the locale
+   assert(var:match('^[0-9a-zA-Z_]+$'), "site.conf error: `" .. var .. "' is not a valid config section name (only alphanumeric characters and the underscore are allowed)")
+end
+
+
 function need_string(varname, required)
    local var = loadvar(varname)
 
-- 
GitLab