From 537ad199423935ee58167f27a1148c0cd7302f4e Mon Sep 17 00:00:00 2001
From: Banyc <36535895+Banyc@users.noreply.github.com>
Date: Wed, 9 Aug 2023 14:53:52 +0800
Subject: [PATCH] fix: validate api input

---
 boringtun/src/device/api.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/boringtun/src/device/api.rs b/boringtun/src/device/api.rs
index 0486de68..bbe71b50 100644
--- a/boringtun/src/device/api.rs
+++ b/boringtun/src/device/api.rs
@@ -210,7 +210,11 @@ fn api_set(reader: &mut BufReader<&UnixStream>, d: &mut LockReadGuard<Device>) -
             let mut cmd = String::new();
 
             while reader.read_line(&mut cmd).is_ok() {
-                cmd.pop(); // remove newline if any
+                if let Some(end) = cmd.pop() {
+                    if end != '\n' {
+                        return EPROTO;
+                    }
+                } // remove newline if any
                 if cmd.is_empty() {
                     return 0; // Done
                 }