Wallet: Sanitise -wallet parameter

This commit is contained in:
Luke Dashjr 2017-01-08 20:41:30 +00:00
parent 9756be382e
commit d678771c66
3 changed files with 10 additions and 2 deletions

View file

@ -19,7 +19,8 @@ static const string CHARS_ALPHA_NUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNO
static const string SAFE_CHARS[] = static const string SAFE_CHARS[] =
{ {
CHARS_ALPHA_NUM + " .,;-_/:?@()", // SAFE_CHARS_DEFAULT CHARS_ALPHA_NUM + " .,;-_/:?@()", // SAFE_CHARS_DEFAULT
CHARS_ALPHA_NUM + " .,;-_?@" // SAFE_CHARS_UA_COMMENT CHARS_ALPHA_NUM + " .,;-_?@", // SAFE_CHARS_UA_COMMENT
CHARS_ALPHA_NUM + ".-_", // SAFE_CHARS_FILENAME
}; };
string SanitizeString(const string& str, int rule) string SanitizeString(const string& str, int rule)

View file

@ -26,7 +26,8 @@
enum SafeChars enum SafeChars
{ {
SAFE_CHARS_DEFAULT, //!< The full set of allowed chars SAFE_CHARS_DEFAULT, //!< The full set of allowed chars
SAFE_CHARS_UA_COMMENT //!< BIP-0014 subset SAFE_CHARS_UA_COMMENT, //!< BIP-0014 subset
SAFE_CHARS_FILENAME, //!< Chars allowed in filenames
}; };
/** /**

View file

@ -3765,6 +3765,12 @@ bool CWallet::InitLoadWallet()
std::string walletFile = GetArg("-wallet", DEFAULT_WALLET_DAT); std::string walletFile = GetArg("-wallet", DEFAULT_WALLET_DAT);
if (walletFile.find_first_of("/\\") != std::string::npos) {
return InitError(_("-wallet parameter must only specify a filename (not a path)"));
} else if (SanitizeString(walletFile, SAFE_CHARS_FILENAME) != walletFile) {
return InitError(_("Invalid characters in -wallet filename"));
}
CWallet * const pwallet = CreateWalletFromFile(walletFile); CWallet * const pwallet = CreateWalletFromFile(walletFile);
if (!pwallet) { if (!pwallet) {
return false; return false;