aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-06 10:43:31 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-09-06 10:43:31 +0000
commitb4b5c311d376cd499dfeea146f0b448910700562 (patch)
tree4cf7a01a76e4344d6d5a052090b33d903299a2a3
parent2.1_rc8 and earlier did implicit shell expansion on script (diff)
downloadopenvpn-b4b5c311d376cd499dfeea146f0b448910700562.tar.xz
Modified ip_or_dns_addr_safe, which validates pulled DNS names,
to more closely conform to RFC 3696: * DNS name length must not exceed 255 characters * DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.') git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--socket.c18
-rw-r--r--socket.h2
2 files changed, 16 insertions, 4 deletions
diff --git a/socket.c b/socket.c
index 4d7c180..df922a9 100644
--- a/socket.c
+++ b/socket.c
@@ -294,13 +294,25 @@ ip_addr_dotted_quad_safe (const char *dotted_quad)
}
}
+static bool
+dns_addr_safe (const char *addr)
+{
+ if (addr)
+ {
+ const size_t len = strlen (addr);
+ return len > 0 && len <= 255 && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
+ }
+ else
+ return false;
+}
+
bool
-ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn)
+ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn)
{
- if (ip_addr_dotted_quad_safe (dotted_quad))
+ if (ip_addr_dotted_quad_safe (addr))
return true;
else if (allow_fqdn)
- return string_class (dotted_quad, CC_NAME|CC_DASH|CC_DOT, 0);
+ return dns_addr_safe (addr);
else
return false;
}
diff --git a/socket.h b/socket.h
index b111764..f6ec570 100644
--- a/socket.h
+++ b/socket.h
@@ -399,7 +399,7 @@ int openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr);
/* integrity validation on pulled options */
bool ip_addr_dotted_quad_safe (const char *dotted_quad);
-bool ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn);
+bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn);
socket_descriptor_t create_socket_tcp (void);