From: Florian Westphal <fw@strlen.de>
To: netfilter-devel@vger.kernel.org
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH lnf-ct 1/2] conntrack: labels: skip labels with non-alnum characters
Date: Sun, 23 Jun 2013 23:14:38 +0200 [thread overview]
Message-ID: <1372022079-11719-1-git-send-email-fw@strlen.de> (raw)
Can always lift this restriction later but for now enforce
strict label naming.
This is mainly to make sure that e.g. using
conntrack ... -o xml,connlabels
will output the expected format, without nasty surprises.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
I've split this into a separate patch since it has noting
to do with the nfct_snprintf change.
src/conntrack/labels.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/conntrack/labels.c b/src/conntrack/labels.c
index 7393c42..7dfb780 100644
--- a/src/conntrack/labels.c
+++ b/src/conntrack/labels.c
@@ -1,3 +1,4 @@
+#include <stdbool.h>
#include <stdint.h>
#include "internal/internal.h"
@@ -184,6 +185,30 @@ static struct nfct_labelmap *map_alloc(void)
return map;
}
+/*
+ * We will only accept alpha numerical labels; else
+ * parses might choke on output when label named
+ * "foo;<&bar" exists. ASCII machines only.
+ *
+ * Avoids libc isalnum() etc. to avoid issues with locale
+ * settings.
+ */
+static bool label_is_sane(const char *label)
+{
+ for (;*label; label++) {
+ if (*label >= 'a' && *label <= 'z')
+ continue;
+ if (*label >= 'A' && *label <= 'Z')
+ continue;
+ if (*label >= '0' && *label <= '9')
+ continue;
+ if (*label == ' ' || *label == '-')
+ continue;
+ return false;
+ }
+ return true;
+}
+
struct nfct_labelmap *__labelmap_new(const char *name)
{
struct nfct_labelmap *map;
@@ -219,7 +244,8 @@ struct nfct_labelmap *__labelmap_new(const char *name)
end = trim_label(end);
if (!end)
continue;
- if (map_insert(map, end, bit) == 0) {
+
+ if (label_is_sane(end) && map_insert(map, end, bit) == 0) {
added++;
if (maxbit < bit)
maxbit = bit;
--
1.8.1.5
next reply other threads:[~2013-06-23 21:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-23 21:14 Florian Westphal [this message]
2013-06-23 21:14 ` [PATCH V2 lnf-ct 2/2] conntrack: snprintf: add connlabel format specifier Florian Westphal
2013-06-25 15:39 ` Pablo Neira Ayuso
2013-06-25 19:43 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1372022079-11719-1-git-send-email-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).