Merge commit from fork

PromoFaux · web-flow · commit f2102a0e94cc · 2026-04-03T16:48:39.000+01:00
Add validation for config items that shouldn't have newlines
diff --git a/src/config/config.c b/src/config/config.c
@@ -410,7 +410,7 @@ void initConfig(struct config *conf)
 	conf->dns.upstreams.t = CONF_JSON_STRING_ARRAY;
 	conf->dns.upstreams.d.json = cJSON_CreateArray();
 	conf->dns.upstreams.f = FLAG_RESTART_FTL;
-	conf->dns.upstreams.c = validate_stub; // Type-based checking + dnsmasq syntax checking
+	conf->dns.upstreams.c = validate_array_no_newline;
 
 	conf->dns.CNAMEdeepInspect.k = "dns.CNAMEdeepInspect";
 	conf->dns.CNAMEdeepInspect.h = "Use this option to control deep CNAME inspection. Disabling it might be beneficial for very low-end devices";
@@ -537,7 +537,7 @@ void initConfig(struct config *conf)
 	conf->dns.hostRecord.t = CONF_STRING;
 	conf->dns.hostRecord.f = FLAG_RESTART_FTL;
 	conf->dns.hostRecord.d.s = (char*)"";
-	conf->dns.hostRecord.c = validate_stub; // Type-based checking + dnsmasq syntax checking
+	conf->dns.hostRecord.c = validate_str_no_newline;
 
 	conf->dns.listeningMode.k = "dns.listeningMode";
 	conf->dns.listeningMode.h = "Pi-hole interface listening modes";
@@ -641,7 +641,7 @@ void initConfig(struct config *conf)
 	conf->dns.cache.rrtype.t = CONF_STRING;
 	conf->dns.cache.rrtype.f = FLAG_RESTART_FTL;
 	conf->dns.cache.rrtype.d.s = (char*)"ANY";
-	conf->dns.cache.rrtype.c = validate_stub; // Only type-based checking
+	conf->dns.cache.rrtype.c = validate_str_no_newline;
 	
 	// sub-struct dns.blocking
 	conf->dns.blocking.active.k = "dns.blocking.active";
@@ -816,7 +816,7 @@ void initConfig(struct config *conf)
 	conf->dhcp.leaseTime.t = CONF_STRING;
 	conf->dhcp.leaseTime.f = FLAG_RESTART_FTL;
 	conf->dhcp.leaseTime.d.s = (char*)"";
-	conf->dhcp.leaseTime.c = validate_stub; // Type-based checking + dnsmasq syntax checking
+	conf->dhcp.leaseTime.c = validate_str_no_newline;
 
 	conf->dhcp.ipv6.k = "dhcp.ipv6";
 	conf->dhcp.ipv6.h = "Should Pi-hole make an attempt to also satisfy IPv6 address requests (be aware that IPv6 works a whole lot different than IPv4)";
@@ -859,7 +859,7 @@ void initConfig(struct config *conf)
 	conf->dhcp.hosts.t = CONF_JSON_STRING_ARRAY;
 	conf->dhcp.hosts.f = FLAG_RESTART_FTL;
 	conf->dhcp.hosts.d.json = cJSON_CreateArray();
-	conf->dhcp.hosts.c = validate_stub; // Type-based checking + dnsmasq syntax checking
+	conf->dhcp.hosts.c = validate_array_no_newline;
 
 
 	// struct ntp
@@ -1430,7 +1430,7 @@ void initConfig(struct config *conf)
 	conf->misc.dnsmasq_lines.t = CONF_JSON_STRING_ARRAY;
 	conf->misc.dnsmasq_lines.f = FLAG_RESTART_FTL;
 	conf->misc.dnsmasq_lines.d.json = cJSON_CreateArray();
-	conf->misc.dnsmasq_lines.c = validate_stub; // Type-based checking + dnsmasq syntax checking
+	conf->misc.dnsmasq_lines.c = validate_array_no_newline;
 
 	conf->misc.extraLogging.k = "misc.extraLogging";
 	conf->misc.extraLogging.h = "Log additional information about queries and replies to pihole.log\n\n When this setting is enabled, the log has extra information at the start of each line. This consists of a serial number which ties together the log lines associated with an individual query, and the IP address of the requestor. This setting is only effective if dns.queryLogging is enabled, too. This option is only useful for debugging and is not recommended for normal use.";
diff --git a/src/config/validator.c b/src/config/validator.c
@@ -127,6 +127,7 @@ bool validate_dns_hosts(union conf_value *val, const char *key, char err[VALIDAT
 
 // Validate the dns.cnames array
 // Each entry needs to be a string in form "<cname>,[<cname>,]<target>[,<TTL>]"
+// Newline characters are not allowed in any of the entries
 bool validate_dns_cnames(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN])
 {
 	if(!cJSON_IsArray(val->json))
@@ -174,6 +175,18 @@ bool validate_dns_cnames(union conf_value *val, const char *key, char err[VALIDA
 			snprintf(err, VALIDATOR_ERRBUF_LEN, "%s[%d]: not a valid CNAME definition (too few elements)", key, i);
 			return false;
 		}
+
+		// Check if the string contains newline characters
+		const unsigned int len = strlen(item->valuestring);
+		for(unsigned int k = 0; k < len; k++)
+		{
+			if(item->valuestring[k] == '\n' || item->valuestring[k] == '\r')
+			{
+				snprintf(err, VALIDATOR_ERRBUF_LEN, "%s[%d]: contains newline characters",
+				         key, i);
+				return false;
+			}
+		}
 	}
 
 	return true;
@@ -539,6 +552,19 @@ bool validate_dns_revServers(union conf_value *val, const char *key, char err[VA
 			free(str);
 			return false;
 		}
+
+		// Ensure there are no newline characters in the entry
+		const unsigned int len = strlen(item->valuestring);
+		for(unsigned int k = 0; k < len; k++)
+		{
+			if(item->valuestring[k] == '\n' || item->valuestring[k] == '\r')
+			{
+				snprintf(err, VALIDATOR_ERRBUF_LEN, "%s[%d]: contains newline characters",
+				         key, i);
+				free(str);
+				return false;
+			}
+		}
 	}
 
 	// Return success
@@ -699,3 +725,69 @@ bool validate_dns_domain_or_ip(union conf_value *val, const char *key, char err[
 	snprintf(err, VALIDATOR_ERRBUF_LEN, "%s: neither a valid domain nor IP address", key);
 	return false;
 }
+
+bool validate_str_no_newline(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN])
+{
+	if(val->s == NULL)
+	{
+		snprintf(err, VALIDATOR_ERRBUF_LEN, "%s: null string", key);
+		return false;
+	}
+
+	// Check if the string contains newline characters
+	const unsigned int len = strlen(val->s);
+	for(unsigned int i = 0; i < len; i++)
+	{
+		if(val->s[i] == '\n' || val->s[i] == '\r')
+		{
+			snprintf(err, VALIDATOR_ERRBUF_LEN, "%s: contains newline characters", key);
+			return false;
+		}
+	}
+
+	return true;
+}
+
+bool validate_array_no_newline(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN])
+{
+	if(!cJSON_IsArray(val->json))
+	{
+		snprintf(err, VALIDATOR_ERRBUF_LEN, "%s: not an array", key);
+		return false;
+	}
+
+	for(int i = 0; i < cJSON_GetArraySize(val->json); i++)
+	{
+		// Get array item
+		cJSON *item = cJSON_GetArrayItem(val->json, i);
+
+		// Check if it's a string
+		if(!cJSON_IsString(item))
+		{
+			snprintf(err, VALIDATOR_ERRBUF_LEN, "%s[%d]: not a string",
+			         key, i);
+			return false;
+		}
+
+		if(item->valuestring == NULL)
+		{
+			snprintf(err, VALIDATOR_ERRBUF_LEN, "%s[%d]: null string",
+			         key, i);
+			return false;
+		}
+
+		// Check if the string contains newline characters
+		const unsigned int len = strlen(item->valuestring);
+		for(unsigned int j = 0; j < len; j++)
+		{
+			if(item->valuestring[j] == '\n' || item->valuestring[j] == '\r')
+			{
+				snprintf(err, VALIDATOR_ERRBUF_LEN, "%s[%d]: contains newline characters",
+				         key, i);
+				return false;
+			}
+		}
+	}
+
+	return true;
+}
diff --git a/src/config/validator.h b/src/config/validator.h
@@ -29,5 +29,7 @@ bool validate_dns_revServers(union conf_value *val, const char *key, char err[VA
 bool validate_ui_min_7_or_0(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 void sanitize_dns_hosts(union conf_value *val);
 bool validate_dns_domain_or_ip(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
+bool validate_str_no_newline(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
+bool validate_array_no_newline(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 
 #endif // CONFIG_VALIDATOR_H
