From 94738819b17cd03adbce6284a87f5fd0bb28d077 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Tue, 13 Jun 2023 18:21:22 -0300
Subject: util.c: check first/last char and allow extra chars

In `invalid_name`.
---
 src/firejail/util.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/firejail/util.c b/src/firejail/util.c
index 78704fa64..6c79c050e 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1476,7 +1476,8 @@ int ascii_isxdigit(unsigned char c) {
 	return ret;
 }
 
-// allow strict ASCII letters and numbers; names with only numbers are rejected; spaces are rejected
+// Allow only ASCII letters, digits and a few special characters; names with
+// only numbers are rejected; spaces and control characters are rejected.
 int invalid_name(const char *name) {
 	const char *c = name;
 	int only_numbers = 1;
@@ -1484,13 +1485,34 @@ int invalid_name(const char *name) {
 	if (strlen(name) > 253)
 		return 1;
 
+	// must start with alnum
+	if (!ascii_isalnum(*c))
+		return 1;
+	if (!ascii_isdigit(*c))
+		only_numbers = 0;
+	++c;
+
 	while (*c) {
-		if (!ascii_isalnum(*c))
-			return 1;
-		if (!ascii_isdigit(*c))
+		switch (*c) {
+		case '-':
+		case '.':
+		case '_':
 			only_numbers = 0;
+			break;
+		default:
+			if (!ascii_isalnum(*c))
+				return 1;
+			if (!ascii_isdigit(*c))
+				only_numbers = 0;
+		}
 		++c;
 	}
+
+	// must end with alnum
+	--c;
+	if (!ascii_isalnum(*c))
+		return 1;
+
 	if (only_numbers)
 		return 1;
 
-- 
cgit v1.2.3-54-g00ecf