cmd/libsnap: guard against empty keys

While we are very flexible with key=value assignments, using empty key is really meaningless so let's not allow it. Signed-off-by: Zygmunt Krynicki <me@zygoon.pl> 

2 files changed, 18 insertions, 0 deletions

diff --git a/cmd/libsnap-confine-private/infofile-test.c b/cmd/libsnap-confine-private/infofile-test.c
index 2597ac3502..c499ed940b 100644
--- a/cmd/libsnap-confine-private/infofile-test.c
+++ b/cmd/libsnap-confine-private/infofile-test.c
@@ -130,6 +130,19 @@ static void test_infofile_get_key(void) {
 sc_error_free(err);
 fclose(stream);
 free(malformed_value);
+
+ char malformed4[] = "=";
+ stream = fmemopen(malformed4, sizeof malformed4 - 1, "r");
+ g_assert_nonnull(stream);
+ rc = sc_infofile_get_key(stream, "key", &malformed_value, &err);
+ g_assert_cmpint(rc, ==, -1);
+ g_assert_nonnull(err);
+ g_assert_cmpstr(sc_error_domain(err), ==, SC_LIBSNAP_ERROR);
+ g_assert_cmpint(sc_error_code(err), ==, 0);
+ g_assert_cmpstr(sc_error_msg(err), ==, "line 1 contains empty key");
+ g_assert_null(malformed_value);
+ sc_error_free(err);
+ fclose(stream);
 }
 
 static void __attribute__((constructor)) init(void) { g_test_add_func("/infofile/get_key", test_infofile_get_key); }
diff --git a/cmd/libsnap-confine-private/infofile.c b/cmd/libsnap-confine-private/infofile.c
index 6d5a419b74..77dbb697fc 100644
--- a/cmd/libsnap-confine-private/infofile.c
+++ b/cmd/libsnap-confine-private/infofile.c
@@ -191,6 +191,11 @@ static int sc_infofile_scan(FILE *stream, sc_infofile_scanner_fn scanner_fn, voi
 err = sc_error_init(SC_LIBSNAP_ERROR, 0, "line %d is not a key=value assignment", lineno);
 goto out;
 }
+ /* Guard against malformed input with empty key. */
+ if (eq_ptr == line_buf) {
+ err = sc_error_init(SC_LIBSNAP_ERROR, 0, "line %d contains empty key", lineno);
+ goto out;
+ }
 /* Replace the first '=' with string terminator byte. */
 *eq_ptr = '\0';