accept more valid (and invalid) IPv6 addresses

author Ralf Jung <post@ralfj.de>

Fri, 6 Mar 2015 12:15:10 +0000 (13:15 +0100)

committer Ralf Jung <post@ralfj.de>

Fri, 6 Mar 2015 12:15:10 +0000 (13:15 +0100)
author Ralf Jung <post@ralfj.de>
Fri, 6 Mar 2015 12:15:10 +0000 (13:15 +0100)
committer Ralf Jung <post@ralfj.de>
Fri, 6 Mar 2015 12:15:10 +0000 (13:15 +0100)
diff --git a/nsupd-wrapper/dyn-nsupdate.cpp b/nsupd-wrapper/dyn-nsupdate.cpp

index 7424a363146affbddc18fdf89caa0cdf93753c1d..2acf3c0b3bcb229bfb78efd988007905ab6461c3 100644 (file)
--- a/nsupd-wrapper/dyn-nsupdate.cpp
+++ b/nsupd-wrapper/dyn-nsupdate.cpp
@@ -52,8 +52,15 @@ static void write(int fd, const char *str)
  int main(int argc, const char ** argv)
  {
      try {
-        static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|");
-        static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|");
+        // These regular expressions are not supposed to be fully precise: nsupdate will check the addresses, too.
+        // However, they have to make sure that there can be no injection attacks.
+#define GROUP "[0-9]{1,3}"
+        static const regex regex_ipv4(GROUP "(\\." GROUP "){3}|");
+#undef GROUP
+#define GROUP "[a-fA-F0-9]{1,4}"
+        static const regex regex_ipv6("(" GROUP "(::?" GROUP "){0,6})?::?" GROUP "|");
+#undef GROUP
+        
          static const regex regex_password("[a-zA-Z0-9.:;,_-]+");
          static const regex regex_domain("[a-zA-Z0-9.]+");
author	Ralf Jung <post@ralfj.de>
	Fri, 6 Mar 2015 12:15:10 +0000 (13:15 +0100)
committer	Ralf Jung <post@ralfj.de>
	Fri, 6 Mar 2015 12:15:10 +0000 (13:15 +0100)