Remove commas and equals signs from external string inputs to the fallback list

This makes sure that list parsers only see one comma per fallback entry, and only see one equals sign per field. Implements ticket 24726.
2017-12-24 11:24:29 +11:00 · 2017-12-24 11:24:29 +11:00 · beedf5fd81
parent c1be0cfdb4
commit beedf5fd81
2 changed files with 12 additions and 0 deletions
--- a/changes/ticket24726
+++ b/changes/ticket24726
@ -0,0 +1,4 @@
+  o Minor features (fallback directory mirrors):
+    - Remove commas and equals signs from external string inputs to the
+      fallback list. This avoids format confusion attacks.
+      Implements ticket 24726.
--- a/scripts/maint/updateFallbackDirs.py
+++ b/scripts/maint/updateFallbackDirs.py
@ -284,6 +284,10 @@ def cleanse_c_multiline_comment(raw_string):
  bad_char_list = '*/'
  # Prevent a malicious string from using C nulls
  bad_char_list += '\0'
+  # Avoid confusing parsers by making sure there is only one comma per fallback
+  bad_char_list += ','
+  # Avoid confusing parsers by making sure there is only one equals per field
+  bad_char_list += '='
  # Be safer by removing bad characters entirely
  cleansed_string = remove_bad_chars(cleansed_string, bad_char_list)
  # Some compilers may further process the content of comments
@ -304,6 +308,10 @@ def cleanse_c_string(raw_string):
  bad_char_list += '\\'
  # Prevent a malicious string from using C nulls
  bad_char_list += '\0'
+  # Avoid confusing parsers by making sure there is only one comma per fallback
+  bad_char_list += ','
+  # Avoid confusing parsers by making sure there is only one equals per field
+  bad_char_list += '='
  # Be safer by removing bad characters entirely
  cleansed_string = remove_bad_chars(cleansed_string, bad_char_list)
  # Some compilers may further process the content of strings