From: james Date: Sat, 6 Sep 2008 10:43:31 +0000 (+0000) Subject: Modified ip_or_dns_addr_safe, which validates pulled DNS names, X-Git-Tag: v2.1_rc10~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4b5c311d376cd499dfeea146f0b448910700562;p=thirdparty%2Fopenvpn.git Modified ip_or_dns_addr_safe, which validates pulled DNS names, to more closely conform to RFC 3696: * DNS name length must not exceed 255 characters * DNS name characters must be limited to alphanumeric, dash ('-'), and dot ('.') git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3312 e7ae566f-a301-0410-adde-c780ea21d3b5
---
diff --git a/socket.c b/socket.c
index 4d7c18052..df922a9eb 100644
--- a/socket.c
+++ b/socket.c
@@ -294,13 +294,25 @@ ip_addr_dotted_quad_safe (const char *dotted_quad)
 }
 }
 
+static bool
+dns_addr_safe (const char *addr)
+{
+ if (addr)
+ {
+ const size_t len = strlen (addr);
+ return len > 0 && len <= 255 && string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0);
+ }
+ else
+ return false;
+}
+
 bool
-ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn)
+ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn)
 {
- if (ip_addr_dotted_quad_safe (dotted_quad))
+ if (ip_addr_dotted_quad_safe (addr))
 return true;
 else if (allow_fqdn)
- return string_class (dotted_quad, CC_NAME|CC_DASH|CC_DOT, 0);
+ return dns_addr_safe (addr);
 else
 return false;
 }
diff --git a/socket.h b/socket.h
index b11176488..f6ec57067 100644
--- a/socket.h
+++ b/socket.h
@@ -399,7 +399,7 @@ int openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr);
 /* integrity validation on pulled options */
 bool ip_addr_dotted_quad_safe (const char *dotted_quad);
-bool ip_or_dns_addr_safe (const char *dotted_quad, const bool allow_fqdn);
+bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn);
 socket_descriptor_t create_socket_tcp (void);
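Review bot: dns_addr_safe in socket.c validates only the overall length and the character set, so names that RFC 3696 also excludes still pass: a label that begins or ends with '-', an empty label (a leading '.' or ".."), and a label longer than 63 characters. Because this check gates DNS names pulled from the peer, the leading '-' case matters most if the accepted string is later placed on a command line or handed to a script, which this hunk does not show. I would add a per-label pass after the existing test, as sketched below, plus a short comment above the function stating which rules it enforces; whether a single trailing dot is accepted is a policy choice for the project. The switch from CC_NAME to CC_ALNUM presumably also removes '_' from the accepted set, which is worth stating in the commit message in case deployed configurations push such names.

```c
static bool
dns_addr_safe (const char *addr)
{
  if (addr)
    {
      const size_t len = strlen (addr);
      size_t label_len = 0;
      const char *p;

      if (len == 0 || len > 255 || !string_class (addr, CC_ALNUM|CC_DASH|CC_DOT, 0))
        return false;

      /* per-label rules: 1..63 characters, no leading or trailing '-' */
      for (p = addr; ; ++p)
        {
          if (*p == '.' || *p == '\0')
            {
              if (label_len == 0 || label_len > 63)
                return false;           /* empty or over-long label */
              if (p[-1] == '-')
                return false;           /* label ends with '-' */
              if (*p == '\0' || p[1] == '\0')
                return true;            /* end of name; one trailing dot allowed */
              label_len = 0;
            }
          else
            {
              if (label_len == 0 && *p == '-')
                return false;           /* label starts with '-' */
              ++label_len;
            }
        }
    }
  /* ... unchanged: else branch returns false ... */
}
```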