From aa82a90c39299ec34cff3886a35b265c7ae2dc4e Mon Sep 17 00:00:00 2001
From: Maxime Coste <mawww@kakoune.org>
Date: Sat, 4 Nov 2017 12:01:25 +0800
Subject: [PATCH] Remote: stricter validation of the session names

Creating a session will not accept any slashes in the session path,
connecting to an existing session will accept at most one slash to
allow for specifying the session of a different user.

Fixes #1635
---
 src/remote.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/remote.cc b/src/remote.cc
index 2bf6f03b..5a785aa1 100644
--- a/src/remote.cc
+++ b/src/remote.cc
@@ -531,7 +531,10 @@ static sockaddr_un session_addr(StringView session)
 {
     sockaddr_un addr;
     addr.sun_family = AF_UNIX;
-    if (find(session, '/')!= session.end())
+    auto slash_count = std::count(session.begin(), session.end(), '/');
+    if (slash_count > 1)
+        throw runtime_error{"Session names are either <user>/<name> or <name>"};
+    else if (slash_count == 1)
         format_to(addr.sun_path, "{}/kakoune/{}", tmpdir(), session);
     else
         format_to(addr.sun_path, "{}/kakoune/{}/{}", tmpdir(),
@@ -766,6 +769,9 @@ private:
 Server::Server(String session_name)
     : m_session{std::move(session_name)}
 {
+    if (contains(m_session, '/'))
+        throw runtime_error{"Cannot create sessions with '/' in their name"};
+
     int listen_sock = socket(AF_UNIX, SOCK_STREAM, 0);
     fcntl(listen_sock, F_SETFD, FD_CLOEXEC);
     sockaddr_un addr = session_addr(m_session);