From: Jozsef Kadlecsik Date: Tue, 19 Jun 2012 20:06:59 +0000 (+0200) Subject: The commandline parser was too permissive, make it more strict X-Git-Tag: v6.13~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59d72e349a19da49d22934c1cdab914c3087c702;p=thirdparty%2Fipset.git The commandline parser was too permissive, make it more strict The parser allowed more possible argument alternatives for command options than the documented one, which limited the possibility of other option names. The patch makes the parser more strict. --- diff --git a/include/libipset/ui.h b/include/libipset/ui.h index aa3979ff..78d5866f 100644 --- a/include/libipset/ui.h +++ b/include/libipset/ui.h @@ -10,11 +10,13 @@ #include /* bool */ #include /* enum ipset_cmd */ +#define IPSET_CMD_ALIASES 3 + /* Commands in userspace */ struct ipset_commands { enum ipset_cmd cmd; int has_arg; - const char *name[2]; + const char *name[IPSET_CMD_ALIASES]; const char *help; }; diff --git a/src/ui.c b/src/ui.c index 0ebacbb7..bdd06025 100644 --- a/src/ui.c +++ b/src/ui.c @@ -5,7 +5,6 @@ * published by the Free Software Foundation. */ #include /* assert */ -#include /* tolower */ #include /* memcmp, str* */ #include /* IPSET_CMD_* */ @@ -25,91 +24,91 @@ const struct ipset_commands ipset_commands[] = { { /* c[reate], --create, n[ew], -N */ .cmd = IPSET_CMD_CREATE, - .name = { "create", "new" }, + .name = { "create", "new", "-N" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME TYPENAME [type-specific-options]\n" " Create a new set", }, { /* a[dd], --add, -A */ .cmd = IPSET_CMD_ADD, - .name = { "add", NULL }, + .name = { "add", "-A", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Add entry to the named set", }, { /* d[el], --del, -D */ .cmd = IPSET_CMD_DEL, - .name = { "del", NULL }, + .name = { "del", "-D", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Delete entry from the named set", }, { /* t[est], --test, -T */ .cmd = IPSET_CMD_TEST, - .name = { "test", NULL }, + .name = { "test", "-T", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Test entry in the named set", }, { /* des[troy], --destroy, x, -X */ .cmd = IPSET_CMD_DESTROY, - .name = { "destroy", "x" }, + .name = { "destroy", "x", "-X" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Destroy a named set or all sets", }, { /* l[ist], --list, -L */ .cmd = IPSET_CMD_LIST, - .name = { "list", NULL }, + .name = { "list", "-L", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " List the entries of a named set or all sets", }, { /* s[save], --save, -S */ .cmd = IPSET_CMD_SAVE, - .name = { "save", NULL }, + .name = { "save", "-S", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Save the named set or all sets to stdout", }, { /* r[estore], --restore, -R */ .cmd = IPSET_CMD_RESTORE, - .name = { "restore", NULL }, + .name = { "restore", "-R", NULL }, .has_arg = IPSET_NO_ARG, .help = "\n" " Restore a saved state", }, { /* f[lush], --flush, -F */ .cmd = IPSET_CMD_FLUSH, - .name = { "flush", NULL }, + .name = { "flush", "-F", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Flush a named set or all sets", }, { /* ren[ame], --rename, e, -E */ .cmd = IPSET_CMD_RENAME, - .name = { "rename", "e" }, + .name = { "rename", "e", "-E" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" " Rename two sets", }, { /* sw[ap], --swap, w, -W */ .cmd = IPSET_CMD_SWAP, - .name = { "swap", "w" }, + .name = { "swap", "w", "-W" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" " Swap the contect of two existing sets", }, { /* h[elp, --help, -H */ .cmd = IPSET_CMD_HELP, - .name = { "help", NULL }, + .name = { "help", "-h", "-H" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[TYPENAME]\n" " Print help, and settype specific help", }, { /* v[ersion], --version, -V */ .cmd = IPSET_CMD_VERSION, - .name = { "version", NULL }, + .name = { "version", "-v", "-V" }, .has_arg = IPSET_NO_ARG, .help = "\n" " Print version information", @@ -128,30 +127,29 @@ const struct ipset_commands ipset_commands[] = { bool ipset_match_cmd(const char *arg, const char * const name[]) { - size_t len; + size_t len, skip = 0; + int i; assert(arg); assert(name && name[0]); - /* Ignore (two) leading dashes */ - if (arg[0] == '-') - arg++; - if (arg[0] == '-') - arg++; + /* Ignore two leading dashes */ + if (arg[0] == '-' && arg[1] == '-') + skip = 2; len = strlen(arg); - - if (len > strlen(name[0]) || !len) - return false; - else if (len > 1 && - ((strncmp(arg, name[0], len) == 0) || - (name[1] != NULL && (strncmp(arg, name[1], len) == 0)))) - return true; - else if (len != 1) + if (len <= skip) return false; - else - return tolower(arg[0]) == name[0][0] || - (name[1] != NULL && tolower(arg[0]) == name[1][0]); + + for (i = 0; i < IPSET_CMD_ALIASES && name[i] != NULL; i++) { + /* Old compatibility command flags */ + if (name[i][0] == '-' && STREQ(arg, name[i])) + return true; + /* New command name options */ + if (strncmp(arg + skip, name[i], len - skip) == 0) + return true; + } + return false; } /* Used up so far diff --git a/tests/restore.t b/tests/restore.t index 7570bc13..b151be8e 100644 --- a/tests/restore.t +++ b/tests/restore.t @@ -3,5 +3,5 @@ # Save sets and compare 0 ipset save > .foo && diff restore.t.multi.saved .foo # Delete all sets -0 ipset -x +0 ipset x # eof diff --git a/tests/setlist.t b/tests/setlist.t index 90c78f26..6f81afc5 100644 --- a/tests/setlist.t +++ b/tests/setlist.t @@ -132,5 +132,5 @@ # Flush all sets 0 ipset flush # Delete all sets -0 ipset -x +0 ipset -X # eof