diff options
author | delphij <delphij@FreeBSD.org> | 2007-05-17 06:08:42 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2007-05-17 06:08:42 +0000 |
commit | 94835f6f0dee5592b25eea8d9564637d7d138223 (patch) | |
tree | 61b6cc4e3edbd73acc5254695b6538dcdf5505ac | |
parent | 3f4b466ef1656afa796258ad55b9078d010487e5 (diff) | |
download | FreeBSD-src-94835f6f0dee5592b25eea8d9564637d7d138223.zip FreeBSD-src-94835f6f0dee5592b25eea8d9564637d7d138223.tar.gz |
Tighten IP address check, prevent '..' from being passed
from the check.
Submitted by: Ren Zhen <bg1tpt gmail com>
MFC after: 2 weeks
-rw-r--r-- | usr.sbin/sysinstall/tcpip.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/usr.sbin/sysinstall/tcpip.c b/usr.sbin/sysinstall/tcpip.c index dd22539..c1e0eed 100644 --- a/usr.sbin/sysinstall/tcpip.c +++ b/usr.sbin/sysinstall/tcpip.c @@ -122,7 +122,7 @@ static int verifyIP(char *ip, unsigned long *mask, unsigned long *out) { long a, b, c, d; - char *endptr; + char *endptr, *endptr_prev; unsigned long parsedip; unsigned long max_addr = (255 << 24) | (255 << 16) | (255 << 8) | 255; @@ -130,16 +130,19 @@ verifyIP(char *ip, unsigned long *mask, unsigned long *out) if (ip == NULL) return 0; a = strtol(ip, &endptr, 10); - if (*endptr++ != '.') + if (endptr - ip == 0 || *endptr++ != '.') return 0; + endptr_prev = endptr; b = strtol(endptr, &endptr, 10); - if (*endptr++ != '.') + if (endptr - endptr_prev == 0 || *endptr++ != '.') return 0; + endptr_prev = endptr; c = strtol(endptr, &endptr, 10); - if (*endptr++ != '.') + if (endptr - endptr_prev == 0 || *endptr++ != '.') return 0; + endptr_prev = endptr; d = strtol(endptr, &endptr, 10); - if (*endptr != '\0') + if (*endptr != '\0' || endptr - endptr_prev == 0) return 0; if (!_validByte(a) || !_validByte(b) || !_validByte(c) || !_validByte(d)) return 0; |