From b539d1cef81cec155a5b5e8e0c14b57d13e687fe Mon Sep 17 00:00:00 2001
From: Stefan Boberg <stefan@boberg.org>
Date: Thu, 17 Jun 2021 13:54:53 +0200
Subject: Validate that structured cache bucket identifiers are alphanumeric

---
 zenserver/cache/structuredcache.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'zenserver/cache/structuredcache.cpp')

diff --git a/zenserver/cache/structuredcache.cpp b/zenserver/cache/structuredcache.cpp
index fc93896fc..9083f764e 100644
--- a/zenserver/cache/structuredcache.cpp
+++ b/zenserver/cache/structuredcache.cpp
@@ -15,6 +15,7 @@
 #include "zenstore/cidstore.h"
 
 #include <spdlog/spdlog.h>
+#include <algorithm>
 #include <filesystem>
 
 namespace zen {
@@ -311,6 +312,11 @@ HttpStructuredCacheService::ValidateUri(zen::HttpServerRequest& Request, CacheRe
 
 	OutRef.BucketSegment = Key.substr(0, BucketSplitOffset);
 
+	if (!std::all_of(begin(OutRef.BucketSegment), end(OutRef.BucketSegment), [](const char c) { return std::isalnum(c); }))
+	{
+		return false;
+	}
+
 	std::string_view HashSegment;
 	std::string_view PayloadSegment;
 
-- 
cgit v1.2.3