From: Jaehyun Kim <jeik01.kim@samsung.com>
Date: Mon, 22 Apr 2024 10:20:39 +0000 (+0900)
Subject: Fix the logic for checking config_id
X-Git-Tag: accepted/tizen/8.0/unified/20250207.154821~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=27a9a1ccd30e548886b5f7e7df88a11766b2b40d;p=platform%2Fcore%2Fconnectivity%2Fnet-config.git

Fix the logic for checking config_id

In the config_id validity check logic,
it only check whether config_id is in the hex value range or is an unerscore.
But this is causing problems because in reality
it can contain all lowercase letters.
So it was modified to also check for lowercase letters.

* This is a side effect caused by the following patch.
  - Fix Stack buffer overflow and Path traversal

Change-Id: I23d0ebc1cc38b9f9e526df38539155c2308257eb
Signed-off-by: Jaehyun Kim <jeik01.kim@samsung.com>
---

diff --git a/src/wifi-config.c b/src/wifi-config.c
index 9307a25..7744c6c 100755
--- a/src/wifi-config.c
+++ b/src/wifi-config.c
@@ -1255,7 +1255,9 @@ gboolean __netconfig_is_valid_config_id(const gchar *config_id)
 		return FALSE;
 
 	for (int i = 0; i < length; i++) {
-		if (!(isxdigit(config_id[i])) && config_id[i] != '_')
+		if (!(islower(config_id[i])) &&
+				!(isdigit(config_id[i])) &&
+				config_id[i] != '_')
 			return FALSE;
 	}