Fixed --lladdr bug introduced in 2.1-rc9 where input validation code

was incorrectly expecting the lladdr parameter to be an IP address
when it is actually a MAC address (HoverHell).

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3339 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/options.c b/options.c
index ca9b9e1bae56f6a6be7399a4698148bc4f20bdb4..ebccd7f82efad68dc922c022883c96580d6f4ea1 100644 (file)
--- a/options.c
+++ b/options.c
@@ -3436,11 +3436,11 @@ add_option (struct options *options,
   else if (streq (p[0], "lladdr") && p[1])
     {
       VERIFY_PERMISSION (OPT_P_UP);
-      if (ip_addr_dotted_quad_safe (p[1])) /* FQDN -- IP address only */
+      if (mac_addr_safe (p[1])) /* MAC address only */
        options->lladdr = p[1];
       else
        {
-         msg (msglevel, "lladdr parm '%s' must be an IP address", p[1]);
+         msg (msglevel, "lladdr parm '%s' must be a MAC address", p[1]);
          goto err;
        }
     }

diff --git a/socket.c b/socket.c
index df922a9eb583d3ec47453c96610ce208bc123cbf..fe58c3e3158a85806ba0e7f43f6c7daea9a4b011 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -317,6 +317,45 @@ ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn)
     return false;
 }
 
+bool
+mac_addr_safe (const char *mac_addr)
+{
+  /* verify non-NULL */
+  if (!mac_addr)
+    return false;
+
+  /* verify length is within limits */
+  if (strlen (mac_addr) > 17)
+    return false;
+
+  /* verify that all chars are either alphanumeric or ':' and that no
+     alphanumeric substring is greater than 2 chars */
+  {
+    int nnum = 0;
+    const char *p = mac_addr;
+    int c;
+
+    while ((c = *p++))
+      {
+       if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
+         {
+           ++nnum;
+           if (nnum > 2)
+             return false;
+         }
+       else if (c == ':')
+         {
+           nnum = 0;
+         }
+       else
+         return false;
+      }
+  }
+
+  /* error-checking is left to script invoked in lladdr.c */
+  return true;
+}
+
 static void
 update_remote (const char* host,
               struct openvpn_sockaddr *addr,

diff --git a/socket.h b/socket.h
index f6ec57067dc87767bb03dc10bb5327ac8edf45ea..980322d3be72f4951929d26f6d70865e263a79e8 100644 (file)
--- a/socket.h
+++ b/socket.h
@@ -400,6 +400,7 @@ int openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr);
 /* integrity validation on pulled options */
 bool ip_addr_dotted_quad_safe (const char *dotted_quad);
 bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn);
+bool mac_addr_safe (const char *mac_addr);
 
 socket_descriptor_t create_socket_tcp (void);