diff options
| -rw-r--r-- | options.c | 4 | ||||
| -rw-r--r-- | socket.c | 39 | ||||
| -rw-r--r-- | socket.h | 1 |
3 files changed, 42 insertions, 2 deletions
@@ -3436,11 +3436,11 @@ add_option (struct options *options, else if (streq (p[0], "lladdr") && p[1]) { VERIFY_PERMISSION (OPT_P_UP); - if (ip_addr_dotted_quad_safe (p[1])) /* FQDN -- IP address only */ + if (mac_addr_safe (p[1])) /* MAC address only */ options->lladdr = p[1]; else { - msg (msglevel, "lladdr parm '%s' must be an IP address", p[1]); + msg (msglevel, "lladdr parm '%s' must be a MAC address", p[1]); goto err; } } @@ -317,6 +317,45 @@ ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn) return false; } +bool +mac_addr_safe (const char *mac_addr) +{ + /* verify non-NULL */ + if (!mac_addr) + return false; + + /* verify length is within limits */ + if (strlen (mac_addr) > 17) + return false; + + /* verify that all chars are either alphanumeric or ':' and that no + alphanumeric substring is greater than 2 chars */ + { + int nnum = 0; + const char *p = mac_addr; + int c; + + while ((c = *p++)) + { + if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') ) + { + ++nnum; + if (nnum > 2) + return false; + } + else if (c == ':') + { + nnum = 0; + } + else + return false; + } + } + + /* error-checking is left to script invoked in lladdr.c */ + return true; +} + static void update_remote (const char* host, struct openvpn_sockaddr *addr, @@ -400,6 +400,7 @@ int openvpn_inet_aton (const char *dotted_quad, struct in_addr *addr); /* integrity validation on pulled options */ bool ip_addr_dotted_quad_safe (const char *dotted_quad); bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn); +bool mac_addr_safe (const char *mac_addr); socket_descriptor_t create_socket_tcp (void); |