diff options
author | Beniamino Galvani <bgalvani@redhat.com> | 2018-03-24 09:34:35 +0100 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2018-05-14 15:22:50 +0200 |
commit | 82ebfa73514d853f4da39c5108b30f4643ce727e (patch) | |
tree | 91f85714c4b55c4277bc98e39cee79fea7f6e04d | |
parent | 14b6e330e268f60678e336df4a6dce5acf62af69 (diff) |
core: reject invalid domains from ip configurations
Reject domains containing ".." or starting with "."
-rw-r--r-- | src/nm-ip4-config.c | 66 | ||||
-rw-r--r-- | src/nm-ip4-config.h | 2 | ||||
-rw-r--r-- | src/nm-ip6-config.c | 41 | ||||
-rw-r--r-- | src/tests/test-ip4-config.c | 6 | ||||
-rw-r--r-- | src/tests/test-ip6-config.c | 6 |
5 files changed, 47 insertions, 74 deletions
diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c index 0a9591d28..6ae81b573 100644 --- a/src/nm-ip4-config.c +++ b/src/nm-ip4-config.c @@ -2333,6 +2333,31 @@ _nm_ip4_config_get_nameserver (const NMIP4Config *self, guint i) /*****************************************************************************/ +gboolean +_nm_ip_config_check_and_add_domain (GPtrArray *array, const char *domain) +{ + char *copy = NULL; + size_t len; + + g_return_val_if_fail (domain, FALSE); + g_return_val_if_fail (domain[0] != '\0', FALSE); + + if (domain[0] == '.' || strstr (domain, "..")) + return FALSE; + + len = strlen (domain); + if (domain[len - 1] == '.') + domain = copy = g_strndup (domain, len - 1); + + if (nm_utils_strv_find_first ((char **) array->pdata, array->len, domain) >= 0) { + g_free (copy); + return FALSE; + } + + g_ptr_array_add (array, copy ?: g_strdup (domain)); + return TRUE; +} + void nm_ip4_config_reset_domains (NMIP4Config *self) { @@ -2348,17 +2373,9 @@ void nm_ip4_config_add_domain (NMIP4Config *self, const char *domain) { NMIP4ConfigPrivate *priv = NM_IP4_CONFIG_GET_PRIVATE (self); - int i; - - g_return_if_fail (domain != NULL); - g_return_if_fail (domain[0] != '\0'); - - for (i = 0; i < priv->domains->len; i++) - if (!g_strcmp0 (g_ptr_array_index (priv->domains, i), domain)) - return; - g_ptr_array_add (priv->domains, g_strdup (domain)); - _notify (self, PROP_DOMAINS); + if (_nm_ip_config_check_and_add_domain (priv->domains, domain)) + _notify (self, PROP_DOMAINS); } void @@ -2402,35 +2419,12 @@ nm_ip4_config_reset_searches (NMIP4Config *self) } void -nm_ip4_config_add_search (NMIP4Config *self, const char *new) +nm_ip4_config_add_search (NMIP4Config *self, const char *search) { NMIP4ConfigPrivate *priv = NM_IP4_CONFIG_GET_PRIVATE (self); - char *search; - size_t len; - - g_return_if_fail (new != NULL); - g_return_if_fail (new[0] != '\0'); - - search = g_strdup (new); - - /* Remove trailing dot as it has no effect */ - len = strlen (search); - if (search[len - 1] == '.') - search[len - 1] = 0; - if (!search[0]) { - g_free (search); - return; - } - - if (nm_utils_strv_find_first ((char **) priv->searches->pdata, - priv->searches->len, search) >= 0) { - g_free (search); - return; - } - - g_ptr_array_add (priv->searches, search); - _notify (self, PROP_SEARCHES); + if (_nm_ip_config_check_and_add_domain (priv->searches, search)) + _notify (self, PROP_SEARCHES); } void diff --git a/src/nm-ip4-config.h b/src/nm-ip4-config.h index f8ff74f23..a7c2b78bd 100644 --- a/src/nm-ip4-config.h +++ b/src/nm-ip4-config.h @@ -288,6 +288,8 @@ gboolean nm_ip4_config_nmpobj_remove (NMIP4Config *self, void nm_ip4_config_hash (const NMIP4Config *self, GChecksum *sum, gboolean dns_only); gboolean nm_ip4_config_equal (const NMIP4Config *a, const NMIP4Config *b); +gboolean _nm_ip_config_check_and_add_domain (GPtrArray *array, const char *domain); + /*****************************************************************************/ #include "nm-ip6-config.h" diff --git a/src/nm-ip6-config.c b/src/nm-ip6-config.c index 77a3eee2d..9807d3882 100644 --- a/src/nm-ip6-config.c +++ b/src/nm-ip6-config.c @@ -2117,17 +2117,9 @@ void nm_ip6_config_add_domain (NMIP6Config *self, const char *domain) { NMIP6ConfigPrivate *priv = NM_IP6_CONFIG_GET_PRIVATE (self); - int i; - - g_return_if_fail (domain != NULL); - g_return_if_fail (domain[0] != '\0'); - for (i = 0; i < priv->domains->len; i++) - if (!g_strcmp0 (g_ptr_array_index (priv->domains, i), domain)) - return; - - g_ptr_array_add (priv->domains, g_strdup (domain)); - _notify (self, PROP_DOMAINS); + if (_nm_ip_config_check_and_add_domain (priv->domains, domain)) + _notify (self, PROP_DOMAINS); } void @@ -2171,35 +2163,12 @@ nm_ip6_config_reset_searches (NMIP6Config *self) } void -nm_ip6_config_add_search (NMIP6Config *self, const char *new) +nm_ip6_config_add_search (NMIP6Config *self, const char *search) { NMIP6ConfigPrivate *priv = NM_IP6_CONFIG_GET_PRIVATE (self); - char *search; - size_t len; - - g_return_if_fail (new != NULL); - g_return_if_fail (new[0] != '\0'); - - search = g_strdup (new); - /* Remove trailing dot as it has no effect */ - len = strlen (search); - if (search[len - 1] == '.') - search[len - 1] = 0; - - if (!search[0]) { - g_free (search); - return; - } - - if (nm_utils_strv_find_first ((char **) priv->searches->pdata, - priv->searches->len, search) >= 0) { - g_free (search); - return; - } - - g_ptr_array_add (priv->searches, search); - _notify (self, PROP_SEARCHES); + if (_nm_ip_config_check_and_add_domain (priv->searches, search)) + _notify (self, PROP_SEARCHES); } void diff --git a/src/tests/test-ip4-config.c b/src/tests/test-ip4-config.c index 4c3c344e4..9fea6af5b 100644 --- a/src/tests/test-ip4-config.c +++ b/src/tests/test-ip4-config.c @@ -319,11 +319,15 @@ test_strip_search_trailing_dot (void) nm_ip4_config_add_search (config, "bar."); nm_ip4_config_add_search (config, "baz.com"); nm_ip4_config_add_search (config, "baz.com."); + nm_ip4_config_add_search (config, "foobar.."); + nm_ip4_config_add_search (config, ".foobar"); + nm_ip4_config_add_search (config, "~."); - g_assert_cmpuint (nm_ip4_config_get_num_searches (config), ==, 3); + g_assert_cmpuint (nm_ip4_config_get_num_searches (config), ==, 4); g_assert_cmpstr (nm_ip4_config_get_search (config, 0), ==, "foo"); g_assert_cmpstr (nm_ip4_config_get_search (config, 1), ==, "bar"); g_assert_cmpstr (nm_ip4_config_get_search (config, 2), ==, "baz.com"); + g_assert_cmpstr (nm_ip4_config_get_search (config, 3), ==, "~"); g_object_unref (config); } diff --git a/src/tests/test-ip6-config.c b/src/tests/test-ip6-config.c index 816a816f0..a03d89b07 100644 --- a/src/tests/test-ip6-config.c +++ b/src/tests/test-ip6-config.c @@ -340,11 +340,15 @@ test_strip_search_trailing_dot (void) nm_ip6_config_add_search (config, "bar."); nm_ip6_config_add_search (config, "baz.com"); nm_ip6_config_add_search (config, "baz.com."); + nm_ip6_config_add_search (config, "foobar.."); + nm_ip6_config_add_search (config, ".foobar"); + nm_ip6_config_add_search (config, "~."); - g_assert_cmpuint (nm_ip6_config_get_num_searches (config), ==, 3); + g_assert_cmpuint (nm_ip6_config_get_num_searches (config), ==, 4); g_assert_cmpstr (nm_ip6_config_get_search (config, 0), ==, "foo"); g_assert_cmpstr (nm_ip6_config_get_search (config, 1), ==, "bar"); g_assert_cmpstr (nm_ip6_config_get_search (config, 2), ==, "baz.com"); + g_assert_cmpstr (nm_ip6_config_get_search (config, 3), ==, "~"); g_object_unref (config); } |