From b4b5c311d376cd499dfeea146f0b448910700562 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Sat, 6 Sep 2008 10:43:31 +0000
Subject: Modified ip_or_dns_addr_safe, which validates pulled DNS names, to
 more closely conform to RFC 3696:

* DNS name length must not exceed 255 characters

* DNS name characters must be limited to alphanumeric,
  dash ('-'), and dot ('.')


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 socket.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index 4d7c180..df922a9 100644
--- a/socket.c
+++ b/socket.c
@@ -294,13 +294,25 @@ ip_addr_dotted_quad_safe (const char *dotted_quad)
   }
 }
 
+static bool
+dns_addr_safe (const char *addr)
+{
+  if (addr)
+    {
+      const size_t len = strlen (addr);
+      return len > 0 && len <= 255 && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
+    }
+  else
+    return false;
+}
+
 bool
-ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn)
+ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn)
 {
-  if (ip_addr_dotted_quad_safe (dotted_quad))
+  if (ip_addr_dotted_quad_safe (addr))
     return true;
   else if (allow_fqdn)
-    return string_class (dotted_quad, CC_NAME|CC_DASH|CC_DOT, 0);
+    return dns_addr_safe (addr);
   else
     return false;
 }
-- 
cgit v1.2.3