From a51ab35bc71f678fcc0bc07bd2d2fd682587381e Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Mon, 21 Dec 2015 09:50:28 +0100
Subject: improved sanity checks for importcontext and telnet interface


diff --git a/importer.go b/importer.go
index 9be1257..df491d7 100644
--- a/importer.go
+++ b/importer.go
@@ -35,6 +35,11 @@ import (
 	"path"
 )
 
+const (
+	CART_MAX = 999999
+	CUT_MAX  = 999
+)
+
 var (
 	bool2str = map[bool]string{false: "0", true: "1"}
 )
@@ -100,6 +105,12 @@ func (ctx *ImportContext) SanityCheck() error {
 		return fmt.Errorf("empty Password on untrusted control interface is not allowed")
 	}
 	if ctx.ShowId != 0 {
+		if ctx.ShowId != 0 && ctx.ShowId > CART_MAX {
+			return fmt.Errorf("ShowId %d is outside of allowed range (0 < show-id < %d)", ctx.ShowId, CART_MAX)
+		}
+		if ctx.Cart != 0 && ctx.Cart > CART_MAX {
+			return fmt.Errorf("Cart %d is outside of allowed range (0 < cart < %d)", ctx.Cart, CART_MAX)
+		}
 		return nil
 	}
 	if ctx.GroupName != "" {
@@ -118,6 +129,12 @@ func (ctx *ImportContext) SanityCheck() error {
 	if ctx.Cart == 0 {
 		return fmt.Errorf("either ShowId, PoolName or CartNumber must be supplied")
 	}
+	if ctx.Cart > CART_MAX {
+		return fmt.Errorf("Cart %d is outside of allowed range (0 < cart < %d)", ctx.Cart, CART_MAX)
+	}
+	if ctx.Cut != 0 && ctx.Cut > CUT_MAX {
+		return fmt.Errorf("Cut %d is outside of allowed range (0 < cart < %d)", ctx.Cut, CUT_MAX)
+	}
 	if ctx.Channels != 1 && ctx.Channels != 2 {
 		return fmt.Errorf("channles must be 1 or 2")
 	}
-- 
cgit v0.10.2