1
Index: openvpn-2.1_rc11/options.c
2
===================================================================
3
--- openvpn-2.1_rc11.orig/options.c 2008-09-18 00:28:30.813005586 +0200
4
+++ openvpn-2.1_rc11/options.c 2008-09-18 00:29:16.041367039 +0200
5
@@ -3436,11 +3436,11 @@
6
else if (streq (p[0], "lladdr") && p[1])
8
VERIFY_PERMISSION (OPT_P_UP);
9
- if (ip_addr_dotted_quad_safe (p[1])) /* FQDN -- IP address only */
10
+ if (mac_addr_safe (p[1])) /* MAC address only */
11
options->lladdr = p[1];
14
- msg (msglevel, "lladdr parm '%s' must be an IP address", p[1]);
15
+ msg (msglevel, "lladdr parm '%s' must be an MAC address", p[1]);
19
Index: openvpn-2.1_rc11/socket.c
20
===================================================================
21
--- openvpn-2.1_rc11.orig/socket.c 2008-09-18 00:28:36.304471508 +0200
22
+++ openvpn-2.1_rc11/socket.c 2008-09-18 00:29:16.044367597 +0200
28
+mac_addr_safe (const char *mac_addr)
30
+ /* verify non-NULL */
34
+ /* verify length is within limits */
35
+ if (strlen (mac_addr) > 17)
38
+ /* verify that all chars are either alphanumeric or ':' and that no
39
+ alphanumeric substring is greater than 2 chars */
42
+ const char *p = mac_addr;
47
+ if ( (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') )
62
+ /* error-checking is left to script invoked in lladdr.c */
69
dns_addr_safe (const char *addr)
71
Index: openvpn-2.1_rc11/socket.h
72
===================================================================
73
--- openvpn-2.1_rc11.orig/socket.h 2008-09-18 00:28:41.083135754 +0200
74
+++ openvpn-2.1_rc11/socket.h 2008-09-18 00:29:16.046367039 +0200
77
/* integrity validation on pulled options */
78
bool ip_addr_dotted_quad_safe (const char *dotted_quad);
79
+bool mac_addr_safe (const char *mac_addr);
80
bool ip_or_dns_addr_safe (const char *addr, const bool allow_fqdn);
82
socket_descriptor_t create_socket_tcp (void);