Hi,
On Tue, Apr 04, 2023 at 10:32:26AM +0200, Gianmarco De Gregori wrote:
> diff --git a/src/openvpn/route.c b/src/openvpn/route.c
> index 3798bc65..00419dce 100644
> --- a/src/openvpn/route.c
> +++ b/src/openvpn/route.c
> @@ -325,7 +325,6 @@ init_route(struct route_ipv4 *r,
>
> CLEAR(*r);
> r->option = ro;
> -
> /* network */
>
> if (!is_route_parm_defined(ro->network))
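Review bot: The removal of the blank line between `r->option = ro;` and the `/* network */` comment at the top of init_route() is an unrelated whitespace change. Please drop it so the patch carries only the table-id logic.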
> @@ -437,6 +436,27 @@ init_route(struct route_ipv4 *r,
>
> r->flags |= RT_DEFINED;
>
> + /* routing table id */
> +
> + r->table_id = 0;
> + if (ro->table_id)
> + {
> + r->table_id = atoi(ro->table_id);
> + if (r->table_id < 0)
> + {
> + msg(M_WARN, PACKAGE_NAME "ROUTE: routing table id for network %s
> (%s) must be >= 0",
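Review bot: `atoi(ro->table_id)` in the new "routing table id" block cannot report a parse failure. A non-numeric string yields 0, the same value as the `r->table_id = 0` default, so the `< 0` test is the only bad input this code can catch, and out-of-range input is undefined for atoi. Use a checked conversion (strtol with end-pointer and range checks) so that garbage is rejected instead of silently selecting table 0. Separately, `PACKAGE_NAME "ROUTE: ..."` concatenates with no space, so the warning will print the package name run together with "ROUTE:".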
Frank's comments alerted me to this, and this certainly is not the way
to approach it. Syntax checking of the routing table ID must happen during
option parsing (options.c), not in init_route() - so, this function
should be able to rely on ro->table_id being an *int*, and properly
sanitized - "if set, the content is valid".
Same for IPv6, of course.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
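
Added example, not code from the patch or from OpenVPN: one way to do the strict check at option-parsing time that the reply above asks for, so that later code receives an int that is valid whenever it is set. `struct route_opt_example` and `parse_table_id()` are hypothetical names, and the sample inputs are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical parsed-option record: table id kept as an int plus a "set" flag. */
struct route_opt_example {
    bool table_id_set;
    int table_id;
};

/* Strict decimal parse, meant to run once while options are parsed.
 * Fills *opt only if the whole string is a number in [0, INT_MAX]. */
static bool
parse_table_id(const char *s, struct route_opt_example *opt)
{
    char *end = NULL;
    long v;

    /* Must start with a digit: rejects NULL, "", " 5", "+5", "-1", "main". */
    if (!s || *s < '0' || *s > '9')
    {
        return false;
    }
    errno = 0;
    v = strtol(s, &end, 10);
    /* Reject overflow and trailing junk such as "12abc". */
    if (errno == ERANGE || *end != '\0' || v > INT_MAX)
    {
        return false;
    }
    opt->table_id_set = true;
    opt->table_id = (int)v;
    return true;
}

int
main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "100", "0", "-1", "main", "12abc", "99999999999999999999" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        struct route_opt_example o = { false, 0 };
        bool ok = parse_table_id(samples[i], &o);
        printf("%-22s %s\n", samples[i], ok ? "accepted" : "rejected");
    }
    return 0;
}
```

With the "set" flag carried separately, an explicit table 0 stays distinguishable from "no table given", which a bare `atoi()` result cannot express.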
