auc: don't segfault on invalid URL

author Daniel Golle <redacted>

Sun, 13 Mar 2022 23:48:28 +0000 (23:48 +0000)

committer Daniel Golle <redacted>

Sun, 13 Mar 2022 23:49:25 +0000 (23:49 +0000)
author Daniel Golle <redacted>
Sun, 13 Mar 2022 23:48:28 +0000 (23:48 +0000)
committer Daniel Golle <redacted>
Sun, 13 Mar 2022 23:49:25 +0000 (23:49 +0000)
diff --git a/utils/auc/src/auc.c b/utils/auc/src/auc.c

index cd2acc52250ade518843457ba915ce0d86fd1106..65f57bc5f364631af29ea18a1ce70216c6ffedce 100644 (file)
--- a/utils/auc/src/auc.c
+++ b/utils/auc/src/auc.c
@@ -307,6 +307,7 @@ static int load_config() {
         struct uci_context *uci_ctx;
         struct uci_package *uci_attendedsysupgrade;
         struct uci_section *uci_s;
+       char *url;
  
         uci_ctx = uci_alloc_context();
         if (!uci_ctx)
@@ -319,13 +320,23 @@ static int load_config() {
                 fprintf(stderr, "Failed to load attendedsysupgrade config\n");
                 return -1;
         }
-
         uci_s = uci_lookup_section(uci_ctx, uci_attendedsysupgrade, "server");
         if (!uci_s) {
+               fprintf(stderr, "Failed to read server config section\n");
+               return -1;
+       }
+       url = uci_lookup_option_string(uci_ctx, uci_s, "url");
+       if (!url) {
                 fprintf(stderr, "Failed to read server url from config\n");
                 return -1;
         }
-       serverurl = strdup(uci_lookup_option_string(uci_ctx, uci_s, "url"));
+       if (strncmp(url, "https://", strlen("https://")) &&
+           strncmp(url, "http://", strlen("http://"))) {
+               fprintf(stderr, "Server url invalid (needs to be http://... or https://...)\n");
+               return -1;
+       }
+
+       serverurl = strdup(url);
  
         uci_s = uci_lookup_section(uci_ctx, uci_attendedsysupgrade, "client");
         if (!uci_s) {
author	Daniel Golle <redacted>
	Sun, 13 Mar 2022 23:48:28 +0000 (23:48 +0000)
committer	Daniel Golle <redacted>
	Sun, 13 Mar 2022 23:49:25 +0000 (23:49 +0000)