authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-26 23:08:29 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-26 23:08:29 +0000
commitb4073a760205f6c341425fe5dd28313e3a12f567 (patch)
treeed22c69f356d8704f19318ef30124679f5e1f4f8 /socket.c
parentFixed compiler warnings in Windows build (MinGW). (diff)
Perform additional input validation on options pulled
by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'socket.c')
-rw-r--r--socket.c42
1 files changed, 42 insertions, 0 deletions
diff --git a/socket.c b/socket.c
index c1b16ad..a7ed55f 100644
--- a/socket.c
+++ b/socket.c
@@ -252,6 +252,48 @@ openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr)
return OIA_HOSTNAME; /* probably a hostname */
}
+bool
+ip_addr_dotted_quad_safe (const char *dotted_quad)
+{
+ /* verify non-NULL */
+ if (!dotted_quad)
+ return false;
+
+ /* verify length is within limits */
+ if (strlen (dotted_quad) > 15)
+ return false;
+
+ /* verify that all chars are either numeric or '.' and that no numeric
+ substring is greater than 3 chars */
+ {
+ int nnum = 0;
+ const char *p = dotted_quad;
+ int c;
+
+ while ((c = *p++))
+ {
+ if (c >= '0' && c <= '9')
+ {
+ ++nnum;
+ if (nnum > 3)
+ return false;
+ }
+ else if (c == '.')
+ {
+ nnum = 0;
+ }
+ else
+ return false;
+ }
+ }
+
+ /* verify that string will convert to IP address */
+ {
+ struct in_addr a;
+ return openvpn_inet_aton (dotted_quad, &a) == OIA_IP;
+ }
+}
+
static void
update_remote (const char* host,
struct openvpn_sockaddr *addr,
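Review bot: The character scan in ip_addr_dotted_quad_safe never checks that the string consists of exactly four non-empty digit groups, so inputs such as `1.2.3.4.5`, `1..2.3` or one ending in `.` pass every visible pre-check and are decided solely by openvpn_inet_aton, whose body is outside this hunk. If that parser tolerates text after the fourth octet (not verifiable from here), such strings would be reported as safe. Counting separators closes this locally: declare `int ndots = 0;`, use `if (nnum == 0 || ++ndots > 3) return false;` in the `'.'` branch before resetting nnum, and add `if (ndots != 3 || nnum == 0) return false;` after the loop. A short comment above the function stating what "safe" guarantees (only digits and dots, at most 15 characters, parses as an IP) would also help, since the commit message says this validation guards options pulled from the server.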