additional SPA validation check to ensure no non-ascii printable chars in decoded message

2012-11-13 21:16:27 -05:00 · 2012-11-13 21:16:27 -05:00 · 02790628d4
commit 02790628d4
parent 70afd9c2d4
1 changed files with 6 additions and 0 deletions
--- a/lib/fko_decode.c
+++ b/lib/fko_decode.c
@ -52,6 +52,12 @@ fko_decode_spa_data(fko_ctx_t ctx)
            MAX_SPA_ENCODED_MSG_SIZE) == MAX_SPA_ENCODED_MSG_SIZE)
        return(FKO_ERROR_INVALID_DATA);

+    /* Make sure there are no non-ascii printable chars
+    */
+    for (i=0; i < strnlen(ctx->encoded_msg, MAX_SPA_ENCODED_MSG_SIZE); i++)
+        if(isprint(ctx->encoded_msg[i]) == 0)
+            return(FKO_ERROR_INVALID_DATA);
+
    /* Make sure there are enough fields in the SPA packet
     * delimited with ':' chars
    */