author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 23:08:29 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-26 23:08:29 +0000 |
commit | b4073a760205f6c341425fe5dd28313e3a12f567 (patch) | |
tree | ed22c69f356d8704f19318ef30124679f5e1f4f8 /socket.c | |
parent | Fixed compiler warnings in Windows build (MinGW). (diff) | |
Perform additional input validation on options pulled
by client from server. Fixes --iproute vulnerability.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'socket.c')
-rw-r--r-- | socket.c | 42 |
1 files changed, 42 insertions, 0 deletions
@@ -252,6 +252,48 @@ openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr)
 return OIA_HOSTNAME; /* probably a hostname */
 }
 
+bool
+ip_addr_dotted_quad_safe (const char *dotted_quad)
+{
+ /* verify non-NULL */
+ if (!dotted_quad)
+ return false;
+
+ /* verify length is within limits */
+ if (strlen (dotted_quad) > 15)
+ return false;
+
+ /* verify that all chars are either numeric or '.' and that no numeric
+ substring is greater than 3 chars */
+ {
+ int nnum = 0;
+ const char *p = dotted_quad;
+ int c;
+
+ while ((c = *p++))
+ {
+ if (c >= '0' && c <= '9')
+ {
+ ++nnum;
+ if (nnum > 3)
+ return false;
+ }
+ else if (c == '.')
+ {
+ nnum = 0;
+ }
+ else
+ return false;
+ }
+ }
+
+ /* verify that string will convert to IP address */
+ {
+ struct in_addr a;
+ return openvpn_inet_aton (dotted_quad, &a) == OIA_IP;
+ }
+}
+
 static void
 update_remote (const char* host,
 struct openvpn_sockaddr *addr, |
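Review bot: The character loop in ip_addr_dotted_quad_safe() neither counts dots nor rejects empty groups, so strings such as `1..2`, `.1.2.3` or `1.2.3` pass the filter. The verdict then rests entirely on openvpn_inet_aton() returning OIA_IP only for a strict four-octet address. Only the tail of openvpn_inet_aton() is visible in this hunk, so that strictness cannot be confirmed from here. Since the commit message says this function validates option values pulled from the server, I would make the loop self-sufficient by tracking the dot count and requiring exactly four non-empty groups before the conversion call, as sketched below. A short comment noting that 15 is the length of `255.255.255.255` would also document the length limit.

```c
    int nnum = 0;
    int ndots = 0;
    /* … unchanged: p and c declarations, while loop header, digit branch … */
	else if (c == '.')
	  {
	    /* an empty group ("1..2", ".1.2.3") or a fourth dot is never a dotted quad */
	    if (nnum == 0 || ++ndots > 3)
	      return false;
	    nnum = 0;
	  }
    /* … unchanged: final else branch, end of while loop … */

    /* require exactly four non-empty groups */
    if (ndots != 3 || nnum == 0)
      return false;
```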