Validate that structured cache bucket identifiers are alphanumeric

author: Stefan Boberg <[email protected]> 2021-06-17 13:54:53 +0200
committer: Stefan Boberg <[email protected]> 2021-06-17 13:54:53 +0200
commit: b539d1cef81cec155a5b5e8e0c14b57d13e687fe (patch)
tree: 64cbf024ef650a16aeb0b6b49ae08c94b65d0b29 /zenserver/cache/structuredcache.cpp
parent: Added debugging hints (diff)
download: zen-b539d1cef81cec155a5b5e8e0c14b57d13e687fe.tar.xz
zen-b539d1cef81cec155a5b5e8e0c14b57d13e687fe.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/zenserver/cache/structuredcache.cpp b/zenserver/cache/structuredcache.cpp
index fc93896fc..9083f764e 100644
--- a/zenserver/cache/structuredcache.cpp
+++ b/zenserver/cache/structuredcache.cpp
@@ -15,6 +15,7 @@
 #include "zenstore/cidstore.h"
 
 #include <spdlog/spdlog.h>
+#include <algorithm>
 #include <filesystem>
 
 namespace zen {
@@ -311,6 +312,11 @@ HttpStructuredCacheService::ValidateUri(zen::HttpServerRequest& Request, CacheRe
 
 	OutRef.BucketSegment = Key.substr(0, BucketSplitOffset);
 
+	if (!std::all_of(begin(OutRef.BucketSegment), end(OutRef.BucketSegment), [](const char c) { return std::isalnum(c); }))
+	{
+		return false;
+	}
+
 	std::string_view HashSegment;
 	std::string_view PayloadSegment;
author	Stefan Boberg <[email protected]>	2021-06-17 13:54:53 +0200
committer	Stefan Boberg <[email protected]>	2021-06-17 13:54:53 +0200
commit	b539d1cef81cec155a5b5e8e0c14b57d13e687fe (patch)
tree	64cbf024ef650a16aeb0b6b49ae08c94b65d0b29 /zenserver/cache/structuredcache.cpp
parent	Added debugging hints (diff)
download	zen-b539d1cef81cec155a5b5e8e0c14b57d13e687fe.tar.xz zen-b539d1cef81cec155a5b5e8e0c14b57d13e687fe.zip