From ac9be65108142afea85ab1cd2ebb74b6b8485f25 Mon Sep 17 00:00:00 2001
From: Banyc <36535895+Banyc@users.noreply.github.com>
Date: Wed, 9 Aug 2023 14:53:52 +0800
Subject: [PATCH] fix: validate api input

---
 boringtun/src/device/api.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/boringtun/src/device/api.rs b/boringtun/src/device/api.rs
index 0486de68..2a7bbef7 100644
--- a/boringtun/src/device/api.rs
+++ b/boringtun/src/device/api.rs
@@ -210,7 +210,12 @@ fn api_set(reader: &mut BufReader<&UnixStream>, d: &mut LockReadGuard<Device>) -
             let mut cmd = String::new();
 
             while reader.read_line(&mut cmd).is_ok() {
-                cmd.pop(); // remove newline if any
+                let end = cmd.pop(); // remove newline if any
+                if let Some(end) = end {
+                    if end != '\n' {
+                        return EPROTO;
+                    }
+                }
                 if cmd.is_empty() {
                     return 0; // Done
                 }