rc10 still has this problem.
Here's an updated patch that works for me on the new version.
--
--HoverHell (ICQ#174520, XMPP/GTalk here, GPG 30E202CB).
diff -dpr openvpn-2.1~rc10-orig/options.c openvpn-2.1~rc10/options.c
*** openvpn-2.1~rc10-orig/options.c 2008-09-14 12:20:27.242403337 +0500
--- openvpn-2.1~rc10/options.c 2008-09-14 12:22:41.416404095 +0500
*************** add_option (struct options *options,
*** 3436,3446 ****
else if (streq (p[0], "lladdr") && p[1])
{
VERIFY_PERMISSION (OPT_P_UP);
! if (ip_addr_dotted_quad_safe (p[1])) /* FQDN -- IP address only */
options->lladdr = p[1];
else
{
! msg (msglevel, "lladdr parm '%s' must be an IP address", p[1]);
goto err;
}
}
--- 3436,3446 ----
else if (streq (p[0], "lladdr") && p[1])
{
VERIFY_PERMISSION (OPT_P_UP);
! if (mac_addr_safe (p[1])) /* MAC address only */
options->lladdr = p[1];
else
{
! msg (msglevel, "lladdr parm '%s' must be an MAC address", p[1]);
goto err;
}
}
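Review bot: The new error text says "an MAC address"; it should read `msg (msglevel, "lladdr parm '%s' must be a MAC address", p[1]);`. The comment `/* MAC address only */` also promises more than the socket.c hunk delivers, because mac_addr_safe as added there returns true for an empty string and for strings with fewer than six groups. This branch sits under VERIFY_PERMISSION (OPT_P_UP), and socket.h lists the validator under "integrity validation on pulled options", so it appears to be the only gate on a value that may arrive from the peer. Either tighten the validator or reword the comment to something like `/* hex digits and ':' only */`. The enclosing add_option starts and ends outside the hunk.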
diff -dpr openvpn-2.1~rc10-orig/socket.c openvpn-2.1~rc10/socket.c
*** openvpn-2.1~rc10-orig/socket.c 2008-09-14 12:20:27.477402960 +0500
--- openvpn-2.1~rc10/socket.c 2008-09-14 12:25:55.614403897 +0500
*************** ip_addr_dotted_quad_safe (const char *do
*** 294,299 ****
--- 294,340 ----
}
}
+ bool
+ mac_addr_safe (const char *mac_addr)
+ {
+ /* verify non-NULL */
+ if (!mac_addr)
+ return false;
+
+ /* verify length is within limits */
+ if (strlen (mac_addr) > 17)
+ return false;
+
+ /* verify that all chars are either alphanumeric or ':' and that no
+ alphanumeric substring is greater than 2 chars */
+ {
+ int nnum = 0;
+ const char *p = mac_addr;
+ int c;
+
+ while ((c = *p++))
+ {
+ if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
+ {
+ ++nnum;
+ if (nnum > 2)
+ return false;
+ }
+ else if (c == ':')
+ {
+ nnum = 0;
+ }
+ else
+ return false;
+ }
+ }
+
+ /* error-checking is left to script invoked in lladdr.c */
+ return true;
+
+ }
+
+
static bool
dns_addr_safe (const char *addr)
{
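Review bot: mac_addr_safe accepts strings that are not MAC addresses. The length test is only an upper bound and the loop only caps each hex run at two digits, so "", ":", "ab" and ":::::::" all return true and end up in options->lladdr. The character whitelist does keep shell metacharacters away from whatever lladdr.c invokes, but since this is the integrity check for the value, I would require exactly six two-digit hex groups separated by ':', as in the version below. If single-digit groups must stay legal, at least reject empty groups and require six of them. The in-code comment says "alphanumeric" where the test is for hex digits, and there is a stray blank line before the closing brace.

```c
bool
mac_addr_safe (const char *mac_addr)
{
  int i;

  /* verify non-NULL */
  if (!mac_addr)
    return false;

  /* exactly six two-digit hex groups joined by ':' -> 17 chars */
  if (strlen (mac_addr) != 17)
    return false;

  for (i = 0; i < 17; ++i)
    {
      const int c = mac_addr[i];

      if (i % 3 == 2)
        {
          /* every third position must be the separator */
          if (c != ':')
            return false;
        }
      else if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')))
        return false;
    }

  return true;
}
```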
diff -dpr openvpn-2.1~rc10-orig/socket.h openvpn-2.1~rc10/socket.h
*** openvpn-2.1~rc10-orig/socket.h 2008-09-14 12:20:26.997403357 +0500
--- openvpn-2.1~rc10/socket.h 2008-09-14 12:25:53.908409244 +0500
*************** int openvpn_inet_aton (const char *dotte
*** 399,404 ****
--- 399,405 ----
/* integrity validation on pulled options */
bool ip_addr_dotted_quad_safe (const char *dotted_quad);
+ bool mac_addr_safe (const char *mac_addr);
bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn);
socket_descriptor_t create_socket_tcp (void);