* DNS name length must not exceed 255 characters
* DNS name characters must be limited to alphanumeric,
dash ('-'), and dot ('.')
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
| ... | ... |
@@ -294,13 +294,25 @@ ip_addr_dotted_quad_safe (const char *dotted_quad) |
| 294 | 294 |
} |
| 295 | 295 |
} |
| 296 | 296 |
|
| 297 |
+static bool |
|
| 298 |
+dns_addr_safe (const char *addr) |
|
| 299 |
+{
|
|
| 300 |
+ if (addr) |
|
| 301 |
+ {
|
|
| 302 |
+ const size_t len = strlen (addr); |
|
| 303 |
+ return len > 0 && len <= 255 && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0); |
|
| 304 |
+ } |
|
| 305 |
+ else |
|
| 306 |
+ return false; |
|
| 307 |
+} |
|
| 308 |
+ |
|
| 297 | 309 |
bool |
| 298 |
-ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn) |
|
| 310 |
+ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn) |
|
| 299 | 311 |
{
|
| 300 |
- if (ip_addr_dotted_quad_safe (dotted_quad)) |
|
| 312 |
+ if (ip_addr_dotted_quad_safe (addr)) |
|
| 301 | 313 |
return true; |
| 302 | 314 |
else if (allow_fqdn) |
| 303 |
- return string_class (dotted_quad, CC_NAME|CC_DASH|CC_DOT, 0); |
|
| 315 |
+ return dns_addr_safe (addr); |
|
| 304 | 316 |
else |
| 305 | 317 |
return false; |
| 306 | 318 |
} |
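Review bot: dns_addr_safe (new lines 297-307) filters only on total length and character class, so values that are not well-formed hostnames, such as one beginning with '-' or '.' or one containing an empty label like "a..b", are still accepted by ip_or_dns_addr_safe when allow_fqdn is true. The header hunk describes these functions as integrity validation on pulled options, so a leading '-' is worth rejecting in case the value later reaches a script or command line where it could be read as an option, for example `return len > 0 && len <= 255 && addr[0] != '-' && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0);`. A short comment above the function, such as `/* character and length filter only; does not check label structure (63-byte labels, empty labels) */`, would make the limits of the check explicit for callers. string_class is defined outside this page, so its per-character behaviour is assumed here rather than verified.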
| ... | ... |
@@ -399,7 +399,7 @@ int openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr); |
| 399 | 399 |
|
| 400 | 400 |
/* integrity validation on pulled options */ |
| 401 | 401 |
bool ip_addr_dotted_quad_safe (const char *dotted_quad); |
| 402 |
-bool ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn); |
|
| 402 |
+bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn); |
|
| 403 | 403 |
|
| 404 | 404 |
socket_descriptor_t create_socket_tcp (void); |
| 405 | 405 |
|