From: Ralf Jung <post@ralfj.de>
Date: Fri, 6 Mar 2015 12:15:10 +0000 (+0100)
Subject: accept more valid (and invalid) IPv6 addresses
X-Git-Url: https://git.ralfj.de/dyn-nsupdate.git/commitdiff_plain/49122aa56b2250ca93fbcb099c28a5c0b0e12c86

accept more valid (and invalid) IPv6 addresses
---

diff --git a/nsupd-wrapper/dyn-nsupdate.cpp b/nsupd-wrapper/dyn-nsupdate.cpp
index 7424a36..2acf3c0 100644
--- a/nsupd-wrapper/dyn-nsupdate.cpp
+++ b/nsupd-wrapper/dyn-nsupdate.cpp
@@ -52,8 +52,15 @@ static void write(int fd, const char *str)
 int main(int argc, const char ** argv)
 {
     try {
-        static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|");
-        static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|");
+        // These regular expressions are not supposed to be fully precise: nsupdate will check the addresses, too.
+        // However, they have to make sure that there can be no injection attacks.
+#define GROUP "[0-9]{1,3}"
+        static const regex regex_ipv4(GROUP "(\\." GROUP "){3}|");
+#undef GROUP
+#define GROUP "[a-fA-F0-9]{1,4}"
+        static const regex regex_ipv6("(" GROUP "(::?" GROUP "){0,6})?::?" GROUP "|");
+#undef GROUP
+        
         static const regex regex_password("[a-zA-Z0-9.:;,_-]+");
         static const regex regex_domain("[a-zA-Z0-9.]+");