From 0d6ae94783b35a5c42d88872d1adb523f5fcc6f3 Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Wed, 21 Sep 2016 12:27:23 +0800 Subject: uuid: Tighten uuid parse sscanf is relatively loose (tolerate) on some invalid formats that we should fail instead of generating a wrong uuid structure, like with whitespaces and short strings. Add and use a helper function to first check the format. Signed-off-by: Fam Zheng Reviewed-by: Eric Blake Reviewed-by: Jeff Cody Message-Id: <1474432046-325-11-git-send-email-famz@redhat.com> --- util/uuid.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'util/uuid.c') diff --git a/util/uuid.c b/util/uuid.c index 47019035bf..dd6b5fdf05 100644 --- a/util/uuid.c +++ b/util/uuid.c @@ -61,12 +61,34 @@ char *qemu_uuid_unparse_strdup(const QemuUUID *uuid) uu[13], uu[14], uu[15]); } +static bool qemu_uuid_is_valid(const char *str) +{ + int i; + + for (i = 0; i < strlen(str); i++) { + const char c = str[i]; + if (i == 8 || i == 13 || i == 18 || i == 23) { + if (str[i] != '-') { + return false; + } + } else { + if ((c >= '0' && c <= '9') || + (c >= 'A' && c <= 'F') || + (c >= 'a' && c <= 'f')) { + continue; + } + return false; + } + } + return i == 36; +} + int qemu_uuid_parse(const char *str, QemuUUID *uuid) { unsigned char *uu = &uuid->data[0]; int ret; - if (strlen(str) != 36) { + if (!qemu_uuid_is_valid(str)) { return -1; } -- cgit v1.2.3