[Openvas-commits] r5708 - in trunk/openvas-manager: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Sat Oct 24 21:48:30 CEST 2009


Author: mattm
Date: 2009-10-24 21:48:29 +0200 (Sat, 24 Oct 2009)
New Revision: 5708

Modified:
   trunk/openvas-manager/ChangeLog
   trunk/openvas-manager/src/omp.c
   trunk/openvas-manager/src/tasks_sql.h
Log:
	* src/tasks_sql.h (create_lsc_credential): Check that name is all
	alphanumeric.

	* src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_LSC_CREDENTIAL
	handle name error.

Modified: trunk/openvas-manager/ChangeLog
===================================================================
--- trunk/openvas-manager/ChangeLog	2009-10-24 13:27:19 UTC (rev 5707)
+++ trunk/openvas-manager/ChangeLog	2009-10-24 19:48:29 UTC (rev 5708)
@@ -1,5 +1,13 @@
 2009-10-24  Matthew Mundell <matthew.mundell at intevation.de>
 
+	* src/tasks_sql.h (create_lsc_credential): Check that name is all
+	alphanumeric.
+
+	* src/omp.c (omp_xml_handle_end_element): In CLIENT_CREATE_LSC_CREDENTIAL
+	handle name error.
+
+2009-10-24  Matthew Mundell <matthew.mundell at intevation.de>
+
 	In LSC generator, improve command exit checking and pass args around
 	directly instead of via a structure.
 

Modified: trunk/openvas-manager/src/omp.c
===================================================================
--- trunk/openvas-manager/src/omp.c	2009-10-24 13:27:19 UTC (rev 5707)
+++ trunk/openvas-manager/src/omp.c	2009-10-24 19:48:29 UTC (rev 5708)
@@ -4119,6 +4119,14 @@
                  (XML_ERROR_SYNTAX ("create_lsc_credential",
                                     "LSC Credential exists already"));
                 break;
+              case 2:
+                openvas_free_string_var (&modify_task_comment);
+                openvas_free_string_var (&modify_task_name);
+                SEND_TO_CLIENT_OR_FAIL
+                 (XML_ERROR_SYNTAX ("create_lsc_credential",
+                                    "Name may only contain alphanumeric"
+                                    " characters"));
+                break;
               default:
                 assert (0);
               case -1:

Modified: trunk/openvas-manager/src/tasks_sql.h
===================================================================
--- trunk/openvas-manager/src/tasks_sql.h	2009-10-24 13:27:19 UTC (rev 5707)
+++ trunk/openvas-manager/src/tasks_sql.h	2009-10-24 19:48:29 UTC (rev 5708)
@@ -23,6 +23,7 @@
  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+#include <ctype.h>
 #include <sqlite3.h>
 
 #include <openvas/openvas_logging.h>
@@ -5106,10 +5107,11 @@
 /**
  * @brief Create an LSC credential.
  *
- * @param[in]  name     Name of LSC credential.
+ * @param[in]  name     Name of LSC credential.  Must be at least one character.
  * @param[in]  comment  Comment on LSC credential.
  *
- * @return 0 success, 1 LSC credential exists already, -1 error.
+ * @return 0 success, 1 LSC credential exists already, 2 name contains space,
+ *         -1 error.
  */
 int
 create_lsc_credential (const char* name, const char* comment)
@@ -5122,7 +5124,12 @@
   GRand *rand;
 #define PASSWORD_LENGTH 10
   gchar password[PASSWORD_LENGTH];
+  const char *s = name;
 
+  assert (strlen (name) > 0);
+
+  while (*s) if (!isalnum (*s++)) return 2;
+
   sql ("BEGIN IMMEDIATE;");
 
   if (sql_int (0, 0, "SELECT COUNT(*) FROM lsc_credentials WHERE name = '%s';",



More information about the Openvas-commits mailing list