From fb11589bb03c2887927693c62af51cdb40953f63 Mon Sep 17 00:00:00 2001
From: Jan Vidar Krey <janvidar@extatic.org>
Date: Tue, 7 Aug 2012 11:55:29 +0200
Subject: [PATCH] Drop all ADC messages containing illegal ADC escapes.

---
 src/adc/message.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/adc/message.c b/src/adc/message.c
index f2b2e64..eb14630 100644
--- a/src/adc/message.c
+++ b/src/adc/message.c
@@ -63,6 +63,27 @@ static void msg_free(void* ptr)
 #define msg_free(X)         hub_free(X)
 #endif /* MSG_MEMORY_DEBUG */
 
+static int msg_check_escapes(const char* string, size_t len)
+{
+        char* start = (char*) string;
+        while ((start = memchr(start, '\\', len - (start - string))))
+        {
+                if (start+1 == (string + len))
+                        return 0;
+
+                switch (*(++start))
+                {
+                        case '\\':
+                        case 'n':
+                        case 's':
+                                break;
+                        default:
+                                return 0;
+                }
+        }
+        return 1;
+}
+
 
 struct adc_message* adc_msg_incref(struct adc_message* msg)
 {
@@ -319,6 +340,13 @@ struct adc_message* adc_msg_parse(const char* line, size_t length)
 		return NULL;
 	}
 
+	if (!msg_check_escapes(line, length))
+	{
+		LOG_DEBUG("Dropped message with invalid ADC escape.");
+		msg_free(command);
+		return NULL;
+	}
+
 	if (line[length-1] != '\n')
 	{
 		need_terminate = 1;
@@ -877,7 +905,6 @@ char* adc_msg_unescape(const char* string)
 	return new_string;
 }
 
-
 char* adc_msg_escape(const char* string)
 {
 	char* str = hub_malloc(adc_msg_escape_length(string)+1);