author | Rob Austein <sra@hactrn.net> | 2006-07-25 02:24:51 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2006-07-25 02:24:51 +0000 |
commit | 9be4a2742cb969ec6af7e933598a08932c0c4ef4 (patch) | |
tree | a786ebd244913ca16a6ea17ca0c44ca9c5e20ed6 /openssl/trunk/crypto/x509v3 | |
parent | a3ca6c0d1fb94ac1509030bbc69ffa49e70ac2c5 (diff) |
Handle bare IP address, tighten up syntax checking a bit. Sure would
be nice if inet_pton() returned an endptr value like strtoul().
svn path=/openssl/trunk/crypto/x509v3/v3_addr.c; revision=58
Diffstat (limited to 'openssl/trunk/crypto/x509v3')
-rw-r--r-- | openssl/trunk/crypto/x509v3/v3_addr.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/openssl/trunk/crypto/x509v3/v3_addr.c b/openssl/trunk/crypto/x509v3/v3_addr.c
index e947100f..95579539 100644
--- a/openssl/trunk/crypto/x509v3/v3_addr.c
+++ b/openssl/trunk/crypto/x509v3/v3_addr.c
@@ -765,7 +765,10 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
 struct v3_ext_ctx *ctx,
 STACK_OF(CONF_VALUE) *values)
 {
+ static const char v4addr_chars[] = "0123456789.";
+ static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
 IPAddrBlocks *addr = NULL;
+ char *addr_chars;
 int i;
 if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
@@ -818,9 +821,11 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
 switch (afi) {
 case IANA_AFI_IPV4:
 af = AF_INET;
+ addr_chars = v4addr_chars;
 break;
 case IANA_AFI_IPV6:
 af = AF_INET6;
+ addr_chars = v6addr_chars;
 break;
 }
@@ -830,25 +835,14 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
 goto err;
 }
-#warning need to handle bare address, neither range nor prefix
- /*
- * Need to rewrite this part of the code slightly if we're going
- * to support bare address. Need not be optimized as I don't
- * really expect it to be used often, so just doing
- * addr_range(min,min) should suffice and avoids having to set the
- * length for a prefix.
- */
-
- if ((s = strpbrk(s, "-/")) == NULL) {
- X509V3err(X509V3_F_V2I_IPAddrBlocks, X509V3_R_EXTENSION_VALUE_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
+ s += strspn(s, addr_chars);
+ s += strspn(s, " \t");
 switch (*s++) {
 case '/':
 prefixlen = (int) strtoul(s, &s, 10);
- if (*(s + strspn(s, " \t")) != '\0') {
+ s += strspn(s, " \t");
+ if (*s != '\0') {
 X509V3err(X509V3_F_V2I_IPAddrBlocks, X509V3_R_EXTENSION_VALUE_ERROR);
 X509V3_conf_err(val);
 goto err;
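Review bot: The new local `char *addr_chars;` in the first hunk is later assigned from the `static const char` tables `v4addr_chars` and `v6addr_chars`, which silently discards the const qualifier and will draw a warning from most compilers. Declaring it as `const char *addr_chars;` keeps the tables read-only through this pointer and costs nothing, since the pointer is only handed to `strspn()`. The body of v2i_IPAddrBlocks continues outside the hunk.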
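Review bot: The `switch (afi)` in the second hunk has no `default`, so `addr_chars` (like `af` before it) stays uninitialized for any other family and would then be passed to `strspn()` in the next hunk. The code that sets `afi` is outside the hunk and may already restrict it to these two values; if so, a short comment saying that would help, and otherwise initializing with `const char *addr_chars = NULL;` plus a `default:` branch that takes the existing error path closes the gap.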
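Review bot: In the `'/'` case of the third hunk the tightened check only looks at what follows the number, so the unchanged `prefixlen = (int) strtoul(s, &s, 10);` still accepts an empty prefix (`10.0.0.0/` parses as length 0) and a signed or oversized value that the cast to `int` then mangles. Since this commit is about stricter syntax, I would reject input whose first character after the slash is not a digit, for example `if (!isdigit((unsigned char) *s))` followed by the existing error path, and compare the `strtoul()` result against the address width in bits before the cast. Whether the code after this hunk validates `prefixlen` is not visible here, so treat the range check as something to confirm rather than a proven hole.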
@@ -861,7 +855,14 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
 break;
 case '-':
 s += strspn(s, " \t");
- if (inet_pton(af, s, max) != 1 || *(s + strspn(s, " \t")) != '\0') {
+ if (inet_pton(af, s, max) != 1) {
+ X509V3err(X509V3_F_V2I_IPAddrBlocks, X509V3_R_EXTENSION_VALUE_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ s += strspn(s, addr_chars);
+ s += strspn(s, " \t");
+ if (*s != '\0') {
 X509V3err(X509V3_F_V2I_IPAddrBlocks, X509V3_R_EXTENSION_VALUE_ERROR);
 X509V3_conf_err(val);
 goto err;
@@ -872,6 +873,17 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
 goto err;
 }
 break;
+ case '\0':
+ if (!addr_add_range(addr, afi, safi, min, min)) {
+ X509V3err(X509V3_F_V2I_IPAddrBlocks, ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ break;
+ default:
+ X509V3err(X509V3_F_V2I_IPAddrBlocks, X509V3_R_EXTENSION_VALUE_ERROR);
+ X509V3_conf_err(val);
+ goto err;
 }
 }
|
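Review bot: The trailing-character test added after `inet_pton(af, s, max)` in the `'-'` case probably never fires, because `inet_pton()` is handed the whole remainder of the string and the common implementations fail on anything that follows the address. The visible effect is an asymmetry: blanks after a prefix length are skipped and accepted, while blanks after a range maximum make `inet_pton()` itself fail. If trailing blanks are meant to be legal in both forms, the address run has to be isolated before the call; if not, a comment such as `/* inet_pton() only succeeds when s is exactly an address, so nothing may follow max */` would record that the second check is defensive.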
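Review bot: The new `case '\0':` encodes a bare address as `addr_add_range(addr, afi, safi, min, min)`, but the comment that explained this choice was deleted earlier in the same commit, so the reason for using a range instead of a full-length prefix is no longer recorded. I would carry it over as `/* Bare address: add as the range min..min, which avoids computing a prefix length. */` above the call. Separately, the enclosing `switch (*s++)` leaves `s` one past the terminator on this path; nothing visible reads it afterwards, but switching on `*s` and advancing inside the `'/'` and `'-'` cases would keep the pointer valid if later code does.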