authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-26 23:08:29 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-26 23:08:29 +0000
commitb4073a760205f6c341425fe5dd28313e3a12f567 (patch)
treeed22c69f356d8704f19318ef30124679f5e1f4f8 /route.c
parentc373382c1edabd134c938e3c272ee40b5ee590b6 (diff)
Perform additional input validation on options pulled
by client from server. Fixes --iproute vulnerability. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3126 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'route.c')
-rw-r--r--route.c54
1 files changed, 38 insertions, 16 deletions
diff --git a/route.c b/route.c
index 5b7b036..bc312e8 100644
--- a/route.c
+++ b/route.c
@@ -139,43 +139,65 @@ get_special_addr (const struct route_special_addr *spec,
in_addr_t *out,
bool *status)
{
- *status = true;
+ if (status)
+ *status = true;
if (!strcmp (string, "vpn_gateway"))
{
- if (spec->remote_endpoint_defined)
- *out = spec->remote_endpoint;
- else
+ if (spec)
{
- msg (M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
- *status = false;
+ if (spec->remote_endpoint_defined)
+ *out = spec->remote_endpoint;
+ else
+ {
+ msg (M_INFO, PACKAGE_NAME " ROUTE: vpn_gateway undefined");
+ if (status)
+ *status = false;
+ }
}
return true;
}
else if (!strcmp (string, "net_gateway"))
{
- if (spec->net_gateway_defined)
- *out = spec->net_gateway;
- else
+ if (spec)
{
- msg (M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
- *status = false;
+ if (spec->net_gateway_defined)
+ *out = spec->net_gateway;
+ else
+ {
+ msg (M_INFO, PACKAGE_NAME " ROUTE: net_gateway undefined -- unable to get default gateway from system");
+ if (status)
+ *status = false;
+ }
}
return true;
}
else if (!strcmp (string, "remote_host"))
{
- if (spec->remote_host_defined)
- *out = spec->remote_host;
- else
+ if (spec)
{
- msg (M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
- *status = false;
+ if (spec->remote_host_defined)
+ *out = spec->remote_host;
+ else
+ {
+ msg (M_INFO, PACKAGE_NAME " ROUTE: remote_host undefined");
+ if (status)
+ *status = false;
+ }
}
return true;
}
return false;
}
+bool
+is_special_addr (const char *addr_str)
+{
+ if (addr_str)
+ return get_special_addr (NULL, addr_str, NULL, NULL);
+ else
+ return false;
+}
+
static bool
init_route (struct route *r,
const struct route_option *ro,
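Review bot: With `spec == NULL` and a non-NULL `status`, each of the three keyword branches in `get_special_addr` returns true with `*status` still true and `*out` never written, so a caller that passes a real `out` would read an unset address. The new NULL guards cover `spec` and `status` but not `out`, which is still dereferenced whenever `spec` is non-NULL. Since the name-only mode exists for `is_special_addr`, either state that contract in a comment above `get_special_addr` (e.g. `/* spec == NULL: only tests whether string is a special keyword; *out is not written */`) or add `else if (status) *status = false;` to each `if (spec)` block. The signature of `get_special_addr` starts above the hunk, so any existing header comment is not visible here.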