Parse IP addresses more securely - specifically, don't allow

a bum name to return as 0.0.0.0... we don't want ``delete xxx'' to delete the default route when xxx doesn't resolve. Support IP number specifications as the host when specifying a tcp-style device (rather than *just* hostnames).
svn path=/head/; revision=44279
2025-01-04 12:52:15 +00:00 · 1999-02-25 20:05:55 +00:00 · 1999-02-25 20:05:55 +00:00 · 26baedc5e4 · 2020-12-20 02:59:44 +00:00
commit 26baedc5e4
parent 401d37631a
4 changed files with 51 additions and 33 deletions
--- a/usr.sbin/ppp/command.c
+++ b/usr.sbin/ppp/command.c
@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: command.c,v 1.181 1999/02/16 00:16:55 brian Exp $
+ * $Id: command.c,v 1.182 1999/02/18 00:52:12 brian Exp $
 *
 */
 #include <sys/param.h>
@ -141,7 +141,7 @@
 #define NEG_DNS		52

 const char Version[] = "2.11";
-const char VersionDate[] = "$Date: 1999/02/16 00:16:55 $";
+const char VersionDate[] = "$Date: 1999/02/18 00:52:12 $";

 static int ShowCommand(struct cmdargs const *);
 static int TerminalCommand(struct cmdargs const *);
@ -1271,22 +1271,6 @@ SetEscape(struct cmdargs const *arg)
  return 0;
 }

-static struct in_addr
-GetIpAddr(const char *cp)
-{
-  struct hostent *hp;
-  struct in_addr ipaddr;
-
-  if (inet_aton(cp, &ipaddr) == 0) {
-    hp = gethostbyname(cp);
-    if (hp && hp->h_addrtype == AF_INET)
-      memcpy(&ipaddr, hp->h_addr, hp->h_length);
-    else
-      ipaddr.s_addr = 0;
-  }
-  return (ipaddr);
-}
-
 static int
 SetInterfaceAddr(struct cmdargs const *arg)
 {
@ -1941,10 +1925,11 @@ DeleteCommand(struct cmdargs const *arg)
        dest = arg->bundle->ncp.ipcp.peer_ip;
        addrs = ROUTE_DSTHISADDR;
      } else {
-        if (strcasecmp(arg->argv[arg->argn], "default") == 0)
-          dest.s_addr = INADDR_ANY;
-        else
-          dest = GetIpAddr(arg->argv[arg->argn]);
+        dest = GetIpAddr(arg->argv[arg->argn]);
+        if (dest.s_addr == INADDR_NONE) {
+          log_Printf(LogWARN, "%s: Invalid IP address\n", arg->argv[arg->argn]);
+          return -1;
+        }
        addrs = ROUTE_STATIC;
      }
      none.s_addr = INADDR_ANY;
--- a/usr.sbin/ppp/defs.c
+++ b/usr.sbin/ppp/defs.c
@ -23,10 +23,17 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *	$Id: defs.c,v 1.16 1998/06/15 19:06:41 brian Exp $
+ *	$Id: defs.c,v 1.17 1998/06/27 14:18:05 brian Exp $
 */


+#include <sys/types.h>
+#include <netdb.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+
+#include <ctype.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/errno.h>
@ -114,3 +121,33 @@ Nam2mode(const char *name)

  return got == -1 ? 0 : modes[got].mode;
 }
+
+struct in_addr
+GetIpAddr(const char *cp)
+{
+  struct in_addr ipaddr;
+
+  if (!strcasecmp(cp, "default"))
+    ipaddr.s_addr = INADDR_ANY;
+  else if (inet_aton(cp, &ipaddr) == 0) {
+    const char *ptr;
+
+    /* Any illegal characters ? */
+    for (ptr = cp; *ptr != '\0'; ptr++)
+      if (!isalnum(*ptr) && strchr("-.", *ptr) == NULL)
+        break;
+
+    if (*ptr == '\0') {
+      struct hostent *hp;
+
+      hp = gethostbyname(cp);
+      if (hp && hp->h_addrtype == AF_INET)
+        memcpy(&ipaddr, hp->h_addr, hp->h_length);
+      else
+        ipaddr.s_addr = INADDR_NONE;
+    } else
+      ipaddr.s_addr = INADDR_NONE;
+  }
+
+  return ipaddr;
+}
--- a/usr.sbin/ppp/defs.h
+++ b/usr.sbin/ppp/defs.h
@ -15,7 +15,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: defs.h,v 1.38 1999/02/11 10:14:08 brian Exp $
+ * $Id: defs.h,v 1.39 1999/02/16 00:16:56 brian Exp $
 *
 *	TODO:
 */
@ -93,3 +93,4 @@ extern void randinit(void);
 extern ssize_t fullread(int, void *, size_t);
 extern const char *mode2Nam(int);
 extern int Nam2mode(const char *);
+extern struct in_addr GetIpAddr(const char *);
--- a/usr.sbin/ppp/modem.c
+++ b/usr.sbin/ppp/modem.c
@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: modem.c,v 1.101 1999/01/28 01:56:33 brian Exp $
+ * $Id: modem.c,v 1.102 1999/02/16 00:16:56 brian Exp $
 *
 *  TODO:
 */
@ -393,19 +393,14 @@ OpenConnection(const char *name, char *host, char *port)
 {
  struct sockaddr_in dest;
  int sock;
-  struct hostent *hp;
  struct servent *sp;

  dest.sin_family = AF_INET;
  dest.sin_addr.s_addr = inet_addr(host);
+  dest.sin_addr = GetIpAddr(host);
  if (dest.sin_addr.s_addr == INADDR_NONE) {
-    hp = gethostbyname(host);
-    if (hp) {
-      memcpy(&dest.sin_addr.s_addr, hp->h_addr_list[0], 4);
-    } else {
-      log_Printf(LogWARN, "%s: %s: unknown host\n", name, host);
-      return (-1);
-    }
+    log_Printf(LogWARN, "%s: %s: unknown host\n", name, host);
+    return (-1);
  }
  dest.sin_port = htons(atoi(port));
  if (dest.sin_port == 0) {