feat(config,script): validate UTF-8 config and hex encryption keys

2026-06-05 11:59:45 +00:00 · 2026-05-17 22:20:14 +03:00
parent bbcf8f6ed1
commit 4adea8824f
4 changed files with 48 additions and 1 deletions
--- a/script/cnc.sh
+++ b/script/cnc.sh
@@ -72,6 +72,16 @@ fi

 echo "[+] Using Podman"
 echo ""
+
+validate_key() {
+    case "$1" in
+        *[!0-9a-fA-F]*)
+            return 1
+            ;;
+    esac
+    [ "${#1}" -eq 64 ]
+}
+
 echo "Select auth provider:"
 echo "  1) jitsi"
 echo "  2) telemost"
@@ -158,6 +168,11 @@ if [ -z "$KEY" ]; then
    exit 1
 fi

+if ! validate_key "$KEY"; then
+    echo "[X] Encryption key must be 64 hex characters"
+    exit 1
+fi
+
 echo ""
 read -p "DNS server [default: 8.8.8.8:53]: " DNS_INPUT
 DNS=${DNS_INPUT:-8.8.8.8:53}
--- a/script/srv.sh
+++ b/script/srv.sh
@@ -68,6 +68,16 @@ fi

 echo "[+] Using Podman"
 echo ""
+
+validate_key() {
+    case "$1" in
+        *[!0-9a-fA-F]*)
+            return 1
+            ;;
+    esac
+    [ "${#1}" -eq 64 ]
+}
+
 echo "Select carrier:"
 echo "  1) jitsi"
 echo "  2) telemost"
@@ -361,7 +371,12 @@ KEY_FILE="$HOME/.olcrtc_key"

 if [ -f "$KEY_FILE" ]; then
    echo "[*] Loading existing encryption key..."
-    KEY=$(cat "$KEY_FILE")
+    KEY=$(tr -d '[:space:]' < "$KEY_FILE")
+    if ! validate_key "$KEY"; then
+        echo "[X] Invalid encryption key in $KEY_FILE"
+        echo "    Remove the file to generate a new key, or replace it with 64 hex characters."
+        exit 1
+    fi
 else
    echo "[*] Generating new encryption key..."
    KEY=$(openssl rand -hex 32)