Index: src/backend/va_image.c
===================================================================
--- src/backend/va_image.c	(revision 9237)
+++ src/backend/va_image.c	(working copy)
@@ -262,7 +262,7 @@
     }
 
     if (is_invalid_image_name(name)) {
-        printf("Invalid image name!\n");
+        printf("Invalid image file name \"%s\"! Allowed characters: \"a-z\", \"A-Z\", \"0-9\", \".\", \"_\", \"-\"\n", name);
         return 1;
     }
     ret = strlen(name);
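Review bot: The new message on the `+` line passes `name` to `%s`, and with this patch `is_invalid_image_name()` returns 1 for a NULL `name`, so a NULL reaches printf as a `%s` argument, which is undefined behavior (glibc happens to print "(null)", other libcs crash). Whether `name` can be NULL at this point cannot be seen here because the enclosing function starts before the hunk; the same pattern at L49 has a `disk_name` that the preceding `if(disk_name)` suggests may be NULL, and at L70 it is certain, since `name == NULL` is tested in the same condition that leads to the printf. Print a safe stand-in, e.g. `printf("Invalid image file name \"%s\"! ...\n", name ? name : "");`, or test for NULL/empty first with the old "Invalid image name!" message and reserve the name-bearing message for the whitelist failure.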
@@ -324,7 +324,7 @@
     existed = access(path, F_OK);
     if (existed == 0 && (sess_state.acc_level != CLI_LEVEL_ENGINEER)) {
         printf("\"%s\" already existed!\n", name);
-        return 1;
+        goto clean;
     }
 
     /* Check the access of the image and if space left is enough */
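Review bot: Replacing `return 1` with `goto clean` at L19 routes the "already existed" case through the `rm -rf %s ...` cleanup at L60, whose first operand is `path` whenever `ret2 != 0`; the value of `ret2` at this point is not visible in the hunk, but both possibilities are wrong here: if it is non-zero the cleanup deletes the existing image that this check was meant to protect, and if it is still zero the function reaches `return ret2` and reports success to the caller. The same dependence on an unset `ret2` applies to the `goto clean` at L28. Either keep `return 1` in the already-existed branch, or make the cleanup remove `path` only when this call created it, e.g. a `created` flag set after the directory is made and `created ? path : ""` in the rm command, and set `ret2 = 1` before every error `goto clean`.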
@@ -336,7 +336,7 @@
         ini_ret = va_data_download(mdata_url, VA_IMAGE_META_INFO);
         if (ini_ret != 0) {
             printf("\nFailed to download metadata for the VA image!\n");
-            return 1;
+            goto clean;
         }
     }
 
@@ -401,6 +401,10 @@
             if (0 == va_check_disk_file(name, disks)) {
                 int disk_idx = 0;
                 for (;disk_idx < VA_MAX_DISK && strlen(disks[disk_idx]); ++disk_idx) {
+                    if (is_invalid_image_name(disks[disk_idx])) {
+                        printf("Invalid image file name \"%s\" in the tgz file! Allowed characters: \"a-z\", \"A-Z\", \"0-9\", \".\", \"_\", \"-\"\n", disks[disk_idx]);
+                        goto clean;
+                    }
                     char disk_path[2048];
                     snprintf(disk_path, sizeof(disk_path), "%s/%s", path, disks[disk_idx]);
                     if (va_check_image_type(disk_path) == VA_IMAGE_FMT_VMDK) {
@@ -455,7 +459,11 @@
             if(disk_name){
                 disk_name++;
             }
-            snprintf(cmd, sizeof(cmd), "mv %s %s/%s", imgfmt == VA_IMAGE_FMT_QCOW2 ? VA_IMAGE_TMP_QCOW2 : VA_IMAGE_TMP_RAW, 
+            if (is_invalid_image_name(disk_name)) {
+                printf("Invalid image file name \"%s\" in the URL! Allowed characters: \"a-z\", \"A-Z\", \"0-9\", \".\", \"_\", \"-\"\n", disk_name);
+                goto clean;
+            }
+            snprintf(cmd, sizeof(cmd), "mv %s %s/%s", imgfmt == VA_IMAGE_FMT_QCOW2 ? VA_IMAGE_TMP_QCOW2 : VA_IMAGE_TMP_RAW,
                 path, disk_name);
             ret = system(cmd);
             if (ret < 0) {
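Review bot: The whitelist check added before the `mv` keeps shell metacharacters out of `cmd`, but `-` is an allowed character, so a `disk_name` beginning with `-` is still parsed by `mv` as an option rather than a file name; passing the operands after `--` closes that gap independently of the validator: `snprintf(cmd, sizeof(cmd), "mv -- %s %s/%s", ...)`. As the `if(disk_name)` two lines above implies `disk_name` may be NULL, a NULL here now reaches the `%s` in the new printf at L49 (see the note on the first hunk). The enclosing function continues outside the hunk.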
@@ -539,7 +547,7 @@
 
     ret2 = 0;
 clean:
-    snprintf(cmd, sizeof(cmd), "rm -rf %s %s %s %s %s %s", ret2 == 0 ? "": path, VA_IMAGE_TMP_TGZ, VA_IMAGE_TMP_ANI, VA_IMAGE_META_INFO, VA_IMAGE_TMP_VMDK, VA_IMAGE_TMP_RAW);
+    snprintf(cmd, sizeof(cmd), "rm -rf %s %s %s %s %s %s", ret2 == 0 ? "": path, VA_IMAGE_TMP_TGZ, VA_IMAGE_TMP_ANI, VA_IMAGE_META_INFO, VA_IMAGE_TMP_VMDK, VA_IMAGE_TMP_RAW, VA_IMAGE_FMT_QCOW2);
     system(cmd);
     return ret2;
 }
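Review bot: The seventh argument added at L61 has no matching conversion: the format string still holds six `%s`, so the extra argument is evaluated and discarded and the cleanup is unchanged, and `-Wformat-extra-args` would flag it. `VA_IMAGE_FMT_QCOW2` is also compared against `imgfmt` at L42 and L52, which suggests an enum value rather than a path; the temporary that the other hunks move is `VA_IMAGE_TMP_QCOW2` (L52), which looks like the intended operand. Proposed line: `snprintf(cmd, sizeof(cmd), "rm -rf %s %s %s %s %s %s %s", ret2 == 0 ? "" : path, VA_IMAGE_TMP_TGZ, VA_IMAGE_TMP_ANI, VA_IMAGE_META_INFO, VA_IMAGE_TMP_VMDK, VA_IMAGE_TMP_RAW, VA_IMAGE_TMP_QCOW2);`. The return value of `system(cmd)` on the following line is still ignored, which predates this change.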
@@ -888,7 +896,7 @@
     char cmd[MAXPATHLEN];
 
     if (name == NULL || name[0] == '\0' || is_invalid_image_name(name)) {
-        printf("Invalid image name!\n");
+        printf("Invalid image file name \"%s\"! Allowed characters: \"a-z\", \"A-Z\", \"0-9\", \".\", \"_\", \"-\"\n", name);
         return 1;
     }
 
Index: src/library/avxvainst/va_utils.c
===================================================================
--- src/library/avxvainst/va_utils.c	(revision 9237)
+++ src/library/avxvainst/va_utils.c	(working copy)
@@ -23,6 +23,7 @@
 #include <sys/types.h>
 #include <dirent.h>
 #include <sys/param.h>
+#include <ctype.h>
 
 #include <feactl/avx_ul.h>
 #include "va_utils.h"
@@ -339,14 +340,31 @@
     return -1;
 }
 
-
+#define MAX_NAME_LEN 255
 int
 is_invalid_image_name(const char * name)
 {
-    if (strchr(name, ' ') || strchr(name, '*') || strchr(name, '(') || strchr(name, ')')) {
+    int len = 0;
+    if (name == NULL || *name == '\0') {
         return 1;
     }
 
+    // Validate each character against the whitelist:
+    // Allowed characters: a-z, A-Z, 0-9, '.', '_', '-'
+    while (*name) {
+        if (len++ > MAX_NAME_LEN) {
+            return 1;
+        }
+
+        if (!(isalnum((unsigned char)*name) ||
+              *name == '.' ||
+              *name == '_' ||
+              *name == '-')) {
+            return 1;
+        }
+        name++;
+    }
+
     return 0;
 }
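Review bot: The length check `if (len++ > MAX_NAME_LEN)` is off by one: `len` is compared before it is incremented, so the 256th character is still accepted and only the 257th is rejected, whereas the macro says 255; `++len > MAX_NAME_LEN` matches the stated limit. The whitelist also has two gaps relative to where these names end up (`"%s/%s"` paths and `mv`/`rm` commands run through `system()`): `.` and `..` consist only of allowed characters yet name the directory itself or its parent, and a leading `-` is read as an option by the commands. Finally, `isalnum()` is locale dependent, so if the program calls `setlocale()` anywhere the set of accepted bytes is wider than the a-z, A-Z, 0-9 the comment promises; an explicit range test keeps the check ASCII-only. The rewrite below applies all three; `MAX_NAME_LEN` would also read better as `enum { MAX_NAME_LEN = 255 };` separated from the function by a blank line.
```c
int
is_invalid_image_name(const char * name)
{
    int len = 0;
    if (name == NULL || *name == '\0') {
        return 1;
    }

    // "." and ".." pass the character whitelist but are directory entries,
    // and a leading '-' is taken as an option by the mv/rm commands the
    // name is later interpolated into.
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0 || name[0] == '-') {
        return 1;
    }

    // Whitelist: a-z, A-Z, 0-9, '.', '_', '-' (ASCII only; isalnum() would
    // widen this under a non-C locale).
    while (*name) {
        unsigned char c = (unsigned char)*name;
        int allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                      (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (++len > MAX_NAME_LEN || !allowed) {   /* 255 is the limit, not 256 */
            return 1;
        }
        name++;
    }

    return 0;
}
```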
 
