From: Ralf Jung Date: Fri, 6 Mar 2015 12:15:10 +0000 (+0100) Subject: accept more valid (and invalid) IPv6 addresses X-Git-Url: https://git.ralfj.de/dyn-nsupdate.git/commitdiff_plain/49122aa56b2250ca93fbcb099c28a5c0b0e12c86?ds=inline accept more valid (and invalid) IPv6 addresses --- diff --git a/nsupd-wrapper/dyn-nsupdate.cpp b/nsupd-wrapper/dyn-nsupdate.cpp index 7424a36..2acf3c0 100644 --- a/nsupd-wrapper/dyn-nsupdate.cpp +++ b/nsupd-wrapper/dyn-nsupdate.cpp @@ -52,8 +52,15 @@ static void write(int fd, const char *str) int main(int argc, const char ** argv) { try { - static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|"); - static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|"); + // These regular expressions are not supposed to be fully precise: nsupdate will check the addresses, too. + // However, they have to make sure that there can be no injection attacks. +#define GROUP "[0-9]{1,3}" + static const regex regex_ipv4(GROUP "(\\." GROUP "){3}|"); +#undef GROUP +#define GROUP "[a-fA-F0-9]{1,4}" + static const regex regex_ipv6("(" GROUP "(::?" GROUP "){0,6})?::?" GROUP "|"); +#undef GROUP + static const regex regex_password("[a-zA-Z0-9.:;,_-]+"); static const regex regex_domain("[a-zA-Z0-9.]+");