[PATCH] Configuration files need to match "*-module"

[Andreas Metzler]

Before this patch p11-kit reads all files in the configuration
directory, including foo.bak, gnome-keyring-module.dpkg-new or
gnome-keyring-module.rpmnew. Require [[:alnum:]][[:alnum:],_.-]-module
instead.

Patch is almost identical to Ubuntu's valid-config-files.patch by Adam
Conrad.

See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436 and
https://bugs.freedesktop.org/show_bug.cgi?id=48154.
---
 doc/p11-kit-config.xml |    7 +++++--
 p11-kit/conf.c         |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/doc/p11-kit-config.xml b/doc/p11-kit-config.xml
index 11fb41f..cf685dc 100644
--- a/doc/p11-kit-config.xml
+++ b/doc/p11-kit-config.xml
@@ -113,8 +113,11 @@ critical: yes
 		<title>Module Configuration</title>
 
 		<para>Each configured PKCS#11 module has its own config file. These files
-		can be <link linkend="config-locations">placed in various locations</link>.
-		Most importantly each config file specifies the path of the PKCS#11 module to
+		can be <link linkend="config-locations">placed in various locations</link>.</para>
+		<para>The filename of the configuration file may consist of upper and lowercase letters
+		underscore, comma, dash and dots. The first characters needs to be an alphanumeric,
+		the filename should end with <literal>-module</literal>.</para>
+		<para>Most importantly each config file specifies the path of the PKCS#11 module to
 		load. A module config file has the following fields:</para>
 
 		<variablelist>
diff --git a/p11-kit/conf.c b/p11-kit/conf.c
index 5c09ff5..2f2424d 100644
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -56,6 +56,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <fnmatch.h>
 
 #ifdef OS_UNIX
 #include <pwd.h>
@@ -483,6 +484,35 @@ finished:
 }
 
 static int
+config_filename_valid (const char *fname)
+{
+	const char *c = fname;
+	const char valid_pattern[] = "*-module";
+
+	/* Make sure the filename starts with an alphanumeric */
+	if (!isalnum(*c)) {
+		return 0;
+	}
+	++c;
+
+	/* Only allow alnum, _, -, and . */
+	while (*c) {
+		if (!isalnum(*c) && *c!='_' && *c!='-' && *c!='.') {
+			return 0;
+		}
+		++c;
+	}
+
+	/* Drop files not matching *-module to ignore *.bak, 
+	 * *.dpkg* or *.rpmnew. */
+	if (fnmatch(valid_pattern, fname, 0)) {
+		return 0;
+	}
+
+	return 1;
+}
+
+static int
 load_config_from_file (const char *configfile, const char *name, hashmap *configs)
 {
 	hashmap *config;
@@ -492,6 +522,11 @@ load_config_from_file (const char *configfile, const char *name, hashmap *config
 
 	assert (configfile);
 
+	if (!config_filename_valid(name)) {
+		_p11_debug ("skipping invalid config filename: %s", configfile);
+		return -1;
+	}
+
 	config = _p11_conf_parse_file (configfile, 0);
 	if (!config)
 		return -1;
-- 
1.7.10


--2fHTh5uZTiUOsy+g--