12585 insufficient validation in svccfg for service name

*** 21,31 ****
  /*
   * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
   */
  /*
   * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
!  * Copyright 2019 Joyent, Inc.
   */
  
  
  /*
   * XML document manipulation routines
--- 21,31 ----
  /*
   * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
   */
  /*
   * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
!  * Copyright 2020 Joyent, Inc.
   */
  
  
  /*
   * XML document manipulation routines
*** 3402,3411 ****
--- 3402,3433 ----
  
          return (rc);
  }
  
  /*
+  * Validate the svc:/-prefixed FMRI generated from the service name.
+  */
+ static void
+ validate_service_name(const entity_t *s)
+ {
+         char *fmri;
+         int ftype;
+         const char *finst;
+ 
+         if ((fmri = uu_strdup(s->sc_fmri)) == NULL)
+                 uu_die(gettext("couldn't allocate memory"));
+ 
+         if (scf_parse_fmri(fmri, &ftype, NULL, NULL, &finst, NULL, NULL) != 0 ||
+             finst != NULL || ftype != SCF_FMRI_TYPE_SVC) {
+                 uu_die(gettext("invalid value \"%s\": should be a bare "
+                     "service name\n"), s->sc_name);
+         }
+ 
+         uu_free(fmri);
+ }
+ 
+ /*
   * Translate a service element into an internal instance/property tree, added
   * to bundle.
   *
   * If op is SVCCFG_OP_APPLY (i.e., apply a profile), do not allow for
   * modification of template data.
*** 3425,3434 ****
--- 3447,3458 ----
           * Fetch attributes, as appropriate.
           */
          s = internal_service_new((char *)xmlGetProp(svc,
              (xmlChar *)name_attr));
  
+         validate_service_name(s);
+ 
          version = xmlGetProp(svc, (xmlChar *)version_attr);
          s->sc_u.sc_service.sc_service_version = atol((const char *)version);
          xmlFree(version);
  
          type = xmlGetProp(svc, (xmlChar *)type_attr);