From b859a791274e717a415d3d5f371405eb11fe360f Mon Sep 17 00:00:00 2001
From: Paul K3PGM <milazzo@comcast.net>
Date: Fri, 22 Jul 2022 19:49:58 -0400
Subject: [PATCH] Fully validate node and tactical names; give better messages
 when invalid. (#450)

---
 files/www/cgi-bin/setup | 48 ++++++++++++++++++++---------------------
 1 file changed, 23 insertions(+), 25 deletions(-)

diff --git a/files/www/cgi-bin/setup b/files/www/cgi-bin/setup
index b043a1fe..d864efe2 100755
--- a/files/www/cgi-bin/setup
+++ b/files/www/cgi-bin/setup
@@ -208,6 +208,26 @@ function is_wifi_chanbw_valid(wifi_chanbw, wifi_ssid)
     return true -- always true
 end
 
+function validate_hostname(raw_name, name_type)
+    local trimmed_name = raw_name:match("^%s*(.-)%s*$")
+    if trimmed_name == "" then
+        if name_type == "node" then
+            err("you must set the node name")
+        end
+        -- A missing tactical name is not an error
+    else
+        local hostname = trimmed_name:match("^%f[%w]([-%w]+)%f[%W]$") -- RFC 1123 + RFC 952
+        if not hostname then
+            err(string.format('"%s" is not a valid %s name; only alphanumerics and internal hyphens are allowed', trimmed_name, name_type))
+        elseif string.len(hostname) > 63 then
+            err(string.format('%s name "%s" exceeds 63 characters', name_type, hostname)) -- RFC 2181
+        else
+            return hostname
+        end
+    end
+    return ""
+end
+
 -- helper end
 
 -- timezones
@@ -641,31 +661,9 @@ if parms.button_save then
         err("password must be changed during initial configuration")
     end
 
-    if nodetac:match("/") then
-        node, tactical = nodetac:match("^%s*([%w-]+)%s*/%s*([%w-]*)%s*$")
-        if not node then
-            err("invalid node/tactical name")
-            node = nodetac:match("^([^/%s]*)")
-            tactical = ""
-            if node == "" then
-                err("you must set the node name")
-            end
-        elseif tactical == "" then
-            err("invalid node/tactical name")
-        end
-    else
-        node = nodetac
-        tactical = ""
-        if node == "" then
-            err("you must set the node name")
-        end
-    end
-    if node ~= "" and node:match("[^%w-]") or node:match("_") then
-        err("invalid node name")
-    end
-    if tactical:match("[^%w-]") or tactical:match("_") then
-        err("invalid tactical name")
-    end
+    local raw_node, raw_tactical = nodetac:match("^([^/]*)(.*)$")
+    node = validate_hostname(raw_node, "node")
+    tactical = raw_tactical ~= "" and validate_hostname(string.sub(raw_tactical, 2), "tactical") or ""
 
     if not validate_fqdn(ntp_server) then
         err("invalid ntp server")