From 35bb36dc1e9b331e2bcbf987cadde81de3aad9a1 Mon Sep 17 00:00:00 2001
From: "aleksei.voronin" <aleksei.voronin@demlabs.net>
Date: Wed, 19 Aug 2020 18:22:28 +0300
Subject: [PATCH] [*] cli fields are now checked against forbidden symbols

---
 modules/app-cli/dap_app_cli_net.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/modules/app-cli/dap_app_cli_net.c b/modules/app-cli/dap_app_cli_net.c
index fa1c0f76ef..2ab51bd762 100644
--- a/modules/app-cli/dap_app_cli_net.c
+++ b/modules/app-cli/dap_app_cli_net.c
@@ -29,6 +29,7 @@
 #include <sys/types.h>
 #include <assert.h>
 #include <errno.h>
+#include <stdbool.h>
 
 #ifdef _WIN32
 #include <winsock2.h>
@@ -47,6 +48,7 @@
 #include "dap_chain_node_cli.h" // for UNIX_SOCKET_FILE
 #include "dap_app_cli.h"
 #include "dap_app_cli_net.h"
+#include "dap_enc_base64.h"
 
 static int s_status;
 
@@ -155,6 +157,27 @@ dap_app_cli_connect_param_t* dap_app_cli_connect(const char *a_socket_path)
     return l_ret;
 }
 
+/* if cli command argument contains one of the following symbol
+ argument is going to be encoded to base64 */
+static const char* s_dap_app_cli_forbidden_symbols[] = {"\r\n", ";", ""};
+
+bool s_dap_app_cli_cmd_contains_forbidden_symbol(const char * a_cmd_param){
+    for(int i = 0; s_dap_app_cli_forbidden_symbols[i][0] != '\0'; i++){
+        if(strstr(a_cmd_param, s_dap_app_cli_forbidden_symbols[i]))
+            return true;
+    }
+    return false;
+}
+
+char * s_dap_app_cli_strdup_to_base64(const char * a_cmd_param){
+    size_t l_cmd_param_len = strlen(a_cmd_param);
+    size_t l_cmd_param_base64_len = DAP_ENC_BASE64_ENCODE_SIZE(l_cmd_param_len) + 1;
+    char * l_cmd_param_base64 = DAP_NEW_SIZE(char, l_cmd_param_base64_len);
+    size_t l_cmd_param_base64_len_res = dap_enc_base64_encode(a_cmd_param, l_cmd_param_len, l_cmd_param_base64, DAP_ENC_DATA_TYPE_B64);
+    l_cmd_param_base64[l_cmd_param_base64_len_res] = '\0';
+    return l_cmd_param_base64;
+}
+
 /**
  * Send request to kelvin-node
  *
@@ -174,7 +197,13 @@ int dap_app_cli_post_command( dap_app_cli_connect_param_t *a_socket, dap_app_cli
         for (int i = 0; i < a_cmd->cmd_param_count; i++) {
             if (a_cmd->cmd_param[i]) {
                 dap_string_append(l_cmd_data, "\r\n");
-                dap_string_append(l_cmd_data, a_cmd->cmd_param[i]);
+                if(s_dap_app_cli_cmd_contains_forbidden_symbol(a_cmd->cmd_param[i])){
+                    char * l_cmd_param_base64 = s_dap_app_cli_strdup_to_base64(a_cmd->cmd_param[i]);
+                    dap_string_append(l_cmd_data, l_cmd_param_base64);
+                    DAP_DELETE(l_cmd_param_base64);
+                }else{
+                    dap_string_append(l_cmd_data, a_cmd->cmd_param[i]);
+                }
             }
         }
     }
-- 
GitLab