Validate server arguments

Some command line arguments are passed as is to "adb shell". Therefore, they must not contain special shell characters.
2024-09-13 19:53:05 +02:00 · 2024-09-13 19:53:05 +02:00 · bec3321fff
commit bec3321fff
parent dea1fe3386
1 changed files with 28 additions and 0 deletions
--- a/app/src/server.c
+++ b/app/src/server.c
@ -218,6 +218,21 @@ sc_server_get_audio_source_name(enum sc_audio_source audio_source) {
    }
 }

+static bool
+validate_string(const char *s) {
+    // The parameters values are passed as command line arguments to adb, so
+    // they must either be properly escaped, or they must not contain any
+    // special shell characters.
+    // Since they are not properly escaped on Windows anyway (see
+    // sys/win/process.c), just forbid special shell characters.
+    if (strpbrk(s, " ;'\"*$?&`#\\|<>[]{}()!~")) {
+        LOGE("Invalid server param: [%s]", s);
+        return false;
+    }
+
+    return true;
+}
+
 static sc_pid
 execute_server(struct sc_server *server,
               const struct sc_server_params *params) {
@ -260,6 +275,11 @@ execute_server(struct sc_server *server,
        } \
        cmd[count++] = p; \
    } while(0)
+#define VALIDATE_STRING(s) do { \
+        if (!validate_string(s)) { \
+            goto end; \
+        } \
+    } while(0)

    ADD_PARAM("scid=%08x", params->scid);
    ADD_PARAM("log_level=%s", log_level_to_server_string(params->log_level));
@ -311,6 +331,7 @@ execute_server(struct sc_server *server,
        ADD_PARAM("tunnel_forward=true");
    }
    if (params->crop) {
+        VALIDATE_STRING(params->crop);
        ADD_PARAM("crop=%s", params->crop);
    }
    if (!params->control) {
@ -321,9 +342,11 @@ execute_server(struct sc_server *server,
        ADD_PARAM("display_id=%" PRIu32, params->display_id);
    }
    if (params->camera_id) {
+        VALIDATE_STRING(params->camera_id);
        ADD_PARAM("camera_id=%s", params->camera_id);
    }
    if (params->camera_size) {
+        VALIDATE_STRING(params->camera_size);
        ADD_PARAM("camera_size=%s", params->camera_size);
    }
    if (params->camera_facing != SC_CAMERA_FACING_ANY) {
@ -331,6 +354,7 @@ execute_server(struct sc_server *server,
            sc_server_get_camera_facing_name(params->camera_facing));
    }
    if (params->camera_ar) {
+        VALIDATE_STRING(params->camera_ar);
        ADD_PARAM("camera_ar=%s", params->camera_ar);
    }
    if (params->camera_fps) {
@ -346,15 +370,19 @@ execute_server(struct sc_server *server,
        ADD_PARAM("stay_awake=true");
    }
    if (params->video_codec_options) {
+        VALIDATE_STRING(params->video_codec_options);
        ADD_PARAM("video_codec_options=%s", params->video_codec_options);
    }
    if (params->audio_codec_options) {
+        VALIDATE_STRING(params->audio_codec_options);
        ADD_PARAM("audio_codec_options=%s", params->audio_codec_options);
    }
    if (params->video_encoder) {
+        VALIDATE_STRING(params->video_encoder);
        ADD_PARAM("video_encoder=%s", params->video_encoder);
    }
    if (params->audio_encoder) {
+        VALIDATE_STRING(params->audio_encoder);
        ADD_PARAM("audio_encoder=%s", params->audio_encoder);
    }
    if (params->power_off_on_close) {