From edb2c1f5cdf3a622d5d5da7602acf479a505073b Mon Sep 17 00:00:00 2001 From: aler9 <46489434+aler9@users.noreply.github.com> Date: Wed, 5 Aug 2020 12:17:04 +0200 Subject: [PATCH] check path name in configuration --- client.go | 7 ++++--- conf.go | 5 +++++ utils.go | 11 +++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/client.go b/client.go index b27b1fb7..52a4d369 100644 --- a/client.go +++ b/client.go @@ -355,8 +355,9 @@ func (c *client) handleRequest(req *gortsplib.Request) bool { return false } - if strings.Index(path, "/") >= 0 { - c.writeResError(req, gortsplib.StatusBadRequest, fmt.Errorf("slashes in the path are not supported (%s)", path)) + err := checkPathName(path) + if err != nil { + c.writeResError(req, gortsplib.StatusBadRequest, fmt.Errorf("invalid path name: %s (%s)", err, path)) return false } @@ -367,7 +368,7 @@ func (c *client) handleRequest(req *gortsplib.Request) bool { return false } - err := c.authenticate(confp.publishIpsParsed, confp.PublishUser, confp.PublishPass, req) + err = c.authenticate(confp.publishIpsParsed, confp.PublishUser, confp.PublishPass, req) if err != nil { if err == errAuthCritical { return false diff --git a/conf.go b/conf.go index 5beb4078..f4a2e4af 100644 --- a/conf.go +++ b/conf.go @@ -180,6 +180,11 @@ func loadConf(fpath string, stdin io.Reader) (*conf, error) { confp = conf.Paths[name] } + err := checkPathName(name) + if err != nil { + return nil, fmt.Errorf("invalid path name: %s (%s)", err, name) + } + if confp.Source == "" { confp.Source = "record" } diff --git a/utils.go b/utils.go index 8d384a74..d136cb15 100644 --- a/utils.go +++ b/utils.go @@ -3,6 +3,7 @@ package main import ( "fmt" "net" + "regexp" "strconv" "strings" @@ -161,3 +162,13 @@ func makeIpKey(ip net.IP) ipKey { } return ret } + +var rePathName = regexp.MustCompile("^[0-9a-zA-Z_-]+$") + +func checkPathName(name string) error { + if !rePathName.MatchString(name) { + return fmt.Errorf("can contain only alfanumeric characters, underscore or minus") + } + + return nil +}