author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-06 10:43:31 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-09-06 10:43:31 +0000 |
commit | b4b5c311d376cd499dfeea146f0b448910700562 (patch) | |
tree | 4cf7a01a76e4344d6d5a052090b33d903299a2a3 /socket.c | |
parent | 2.1_rc8 and earlier did implicit shell expansion on script (diff) | |
download | openvpn-b4b5c311d376cd499dfeea146f0b448910700562.tar.xz |
Modified ip_or_dns_addr_safe, which validates pulled DNS names,
to more closely conform to RFC 3696:
* DNS name length must not exceed 255 characters
* DNS name characters must be limited to alphanumeric,
dash ('-'), and dot ('.')
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'socket.c')
-rw-r--r-- | socket.c | 18 |
1 files changed, 15 insertions, 3 deletions
@@ -294,13 +294,25 @@ ip_addr_dotted_quad_safe (const char *dotted_quad)
 }
 }
+static bool
+dns_addr_safe (const char *addr)
+{
+ if (addr)
+ {
+ const size_t len = strlen (addr);
+ return len > 0 && len <= 255 && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
+ }
+ else
+ return false;
+}
+
 bool
-ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn)
+ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn)
 {
- if (ip_addr_dotted_quad_safe (dotted_quad))
+ if (ip_addr_dotted_quad_safe (addr))
 return true;
 else if (allow_fqdn)
- return string_class (dotted_quad, CC_NAME|CC_DASH|CC_DOT, 0);
+ return dns_addr_safe (addr);
 else
 return false;
 } |
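Review bot: The new dns_addr_safe still accepts names that RFC 3696 rules out, because it checks only the total length and a character class: a leading '-' or '.', empty labels such as `a..b`, and labels longer than 63 characters all appear to pass (assuming string_class only tests class membership; its body is outside this hunk). The leading dash matters most for a server-pushed value, since if the string is later placed on a command line or handed to a script (callers are not visible here) it can be parsed as an option rather than a host name. A minimal tightening is `return len > 0 && len <= 255 && addr[0] != '-' && addr[0] != '.' && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0);`; full per-label validation (1 to 63 characters, no leading or trailing dash) would need a short loop over the dot-separated labels. A comment above the function such as `/* pulled DNS name: 1..255 chars, alphanumeric, '-' and '.' only (RFC 3696) */` would also record where the 255 limit comes from.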