Forbid zero length tags, tags with leading '-', tags with leading or trailing whitespace, and tags containing whitespace other than space ' '. Signed-off-by: Jani Nikula <jani@nikula.org> --- notmuch-client.h | 1 + notmuch-tag.c | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 0 deletions(-) diff --git a/notmuch-client.h b/notmuch-client.h index b50cb38..ff286b0 100644 --- a/notmuch-client.h +++ b/notmuch-client.h @@ -46,6 +46,7 @@ #include <dirent.h> #include <errno.h> #include <signal.h> +#include <ctype.h> #include <talloc.h> diff --git a/notmuch-tag.c b/notmuch-tag.c index dded39e..fb7a2f3 100644 --- a/notmuch-tag.c +++ b/notmuch-tag.c @@ -30,6 +30,22 @@ handle_sigint (unused (int sig)) interrupted = 1; } +static int +tag_valid(const char *tag) +{ + /* no zero length tag, leading whitespace or leading - */ + if (*tag == '\0' || isspace ((unsigned char) *tag) || *tag == '-') + return 0; + + /* no whitespace except ' ', no trailing whitespace */ + for (tag++; *tag; tag++) { + if (isspace ((unsigned char) *tag) && (*tag != ' ' || *(tag+1) == '\0')) + return 0; + } + + return 1; +} + int notmuch_tag_command (void *ctx, unused (int argc), unused (char *argv[])) { @@ -73,6 +89,10 @@ notmuch_tag_command (void *ctx, unused (int argc), unused (char *argv[])) break; } if (argv[i][0] == '+') { + if (!tag_valid (argv[i] + 1)) { + fprintf (stderr, "Error: Invalid tag %s\n", argv[i] + 1); + return 1; + } add_tags[add_tags_count++] = i; } else if (argv[i][0] == '-') { remove_tags[remove_tags_count++] = i; -- 1.7.5.4