From 9228b3ba170a0f68dbb432b2455c75d5fff21506 Mon Sep 17 00:00:00 2001 From: Christian Mollekopf Date: Wed, 3 May 2017 21:29:28 +0200 Subject: Sanity check db names lmdb and sink deal badly with e.g. a string containing a null in the millde as db name. Thus we try to protect better against it. This is an actual problem we triggered: https://phabricator.kde.org/T5880 --- common/storage/entitystore.cpp | 5 +++++ common/storage_lmdb.cpp | 20 ++++++++++++++++++++ 2 files changed, 25 insertions(+) (limited to 'common')
diff --git a/common/storage/entitystore.cpp b/common/storage/entitystore.cpp
index b7309ab..4cb4641 100644
--- a/common/storage/entitystore.cpp
+++ b/common/storage/entitystore.cpp
@@ -320,6 +320,11 @@ void EntityStore::cleanupEntityRevisionsUntil(qint64 revision)
 {
 const auto uid = DataStore::getUidFromRevision(d->transaction, revision);
 const auto bufferType = DataStore::getTypeFromRevision(d->transaction, revision);
+ if (bufferType.isEmpty() || uid.isEmpty()) {
+ SinkErrorCtx(d->logCtx) << "Failed to find revision during cleanup: " << revision;
+ Q_ASSERT(false);
+ return;
+ }
 SinkTraceCtx(d->logCtx) << "Cleaning up revision " << revision << uid << bufferType;
 DataStore::mainDatabase(d->transaction, bufferType)
 .scan(uid,
diff --git a/common/storage_lmdb.cpp b/common/storage_lmdb.cpp
index 08eea37..18364ea 100644
--- a/common/storage_lmdb.cpp
+++ b/common/storage_lmdb.cpp
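Review bot: The early `return;` in `cleanupEntityRevisionsUntil` leaves the revision uncleaned, and because the function is `void` the caller cannot tell a skipped revision from a cleaned one; whether the caller's bookkeeping still advances past it is not visible here, since the body continues outside the hunk. The guard also tests only for emptiness, so a non-empty but malformed `bufferType` would still be passed to `DataStore::mainDatabase(d->transaction, bufferType)`. A comment above the check would record the intent, for example `//No uid/type stored for this revision: skip it, an empty type must never be used to build a db name`.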
@@ -169,6 +169,26 @@ public:
 if (const int rc = mdb_dbi_open(transaction, db.constData(), flags, &dbi)) {
 //Create the db if it is not existing already
 if (rc == MDB_NOTFOUND && !readOnly) {
+ //Sanity check db name
+ {
+ auto parts = db.split('.');
+ for (const auto &p : parts) {
+ auto containsSpecialCharacter = [] (const QByteArray &p) {
+ for (int i = 0; i < p.size(); i++) {
+ const auto c = p.at(i);
+ //Between 0 and z in the ascii table. Essentially ensures that the name is printable and doesn't contain special chars
+ if (c < 0x30 || c > 0x7A) {
+ return true;
+ }
+ }
+ return false;
+ };
+ if (p.isEmpty() || containsSpecialCharacter(p)) {
+ SinkError() << "Tried to create a db with an invalid name. Hex:" << db.toHex() << " ASCII:" << db;
+ Q_ASSERT(false);
+ }
+ }
+ }
 if (const int rc = mdb_dbi_open(transaction, db.constData(), flags | MDB_CREATE, &dbi)) {
 SinkWarning() << "Failed to create db " << QByteArray(mdb_strerror(rc));
 Error error(name.toLatin1(), ErrorCodes::GenericError, "Error while creating database: " + QByteArray(mdb_strerror(rc)));
-- cgit v1.2.3
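Review bot: In a release build `Q_ASSERT(false)` compiles to nothing, so after the `SinkError()` line execution still reaches `mdb_dbi_open(transaction, db.constData(), flags | MDB_CREATE, &dbi)` with the rejected name; the check only logs. The invalid-name branch should leave through the same failure exit that the create-error path below uses (its `Error` handling and return lie outside the hunk), just as the entitystore.cpp hunk follows its assert with `return;`. The check also runs only after the first `mdb_dbi_open` has returned `MDB_NOTFOUND` on a writable transaction, and `db.constData()` is passed as a C string, so a name with an embedded NUL whose prefix matches an existing database presumably never reaches it; validating `db` before the first open would cover that case. The range `0x30`–`0x7A` still admits `:;<=>?@[\]^_` and the backtick, so either tighten the test to the characters actually intended or correct the comment to `//Only bytes 0x30..0x7A ('0'..'z') are accepted; this still includes some punctuation`.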