Add ipfw_check_object_name_generic() function to do basic checks for an

object name correctness. Each type of object can do more strict checking
in own implementation. Do such checks for tables in check_table_name().

Reviewed by:	melifaro
Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC

sys/netpfil/ipfw/ip_fw_private.h

@@ -693,6 +693,7 @@ void update_opcode_kidx(ipfw_insn *cmd, uint16_t idx);
 int classify_opcode_kidx(ipfw_insn *cmd, uint16_t *puidx);
 void ipfw_init_srv(struct ip_fw_chain *ch);
 void ipfw_destroy_srv(struct ip_fw_chain *ch);
+int ipfw_check_object_name_generic(const char *name);
 
 /* In ip_fw_table.c */
 struct table_info;

sys/netpfil/ipfw/ip_fw_sockopt.c

@@ -2156,19 +2156,16 @@ dump_config(struct ip_fw_chain *chain, ip_fw3_opheader *op3,
 	return (error);
 }
 
-static int
-check_object_name(ipfw_obj_ntlv *ntlv)
+int
+ipfw_check_object_name_generic(const char *name)
 {
-	int error;
-
-	switch (ntlv->head.type) {
-	case IPFW_TLV_TBL_NAME:
-		error = ipfw_check_table_name(ntlv->name);
-		break;
-	default:
-		error = ENOTSUP;
-	}
+	int nsize;
 
+	nsize = sizeof(((ipfw_obj_ntlv *)0)->name);
+	if (strnlen(name, nsize) == nsize)
+		return (EINVAL);
+	if (name[0] == '\0')
+		return (EINVAL);
 	return (0);
 }
 
@@ -2483,7 +2480,7 @@ add_rules(struct ip_fw_chain *chain, ip_fw3_opheader *op3,
 			if (ntlv->head.length != sizeof(ipfw_obj_ntlv))
 				return (EINVAL);
 
-			error = check_object_name(ntlv);
+			error = ipfw_check_object_name_generic(ntlv->name);
 			if (error != 0)
 				return (error);
 

sys/netpfil/ipfw/ip_fw_table.c

@@ -115,6 +115,7 @@ static int dump_table_xentry(void *e, void *arg);
 static int swap_tables(struct ip_fw_chain *ch, struct tid_info *a,
     struct tid_info *b);
 
+static int check_table_name(const char *name);
 static int check_table_space(struct ip_fw_chain *ch, struct tableop_state *ts,
     struct table_config *tc, struct table_info *ti, uint32_t count);
 static int destroy_table(struct ip_fw_chain *ch, struct tid_info *ti);
@@ -1794,7 +1795,7 @@ modify_table(struct ip_fw_chain *ch, ip_fw3_opheader *op3,
 	 * Check for null-terminated/zero-length strings/
 	 */
 	tname = oh->ntlv.name;
-	if (ipfw_check_table_name(tname) != 0)
+	if (check_table_name(tname) != 0)
 		return (EINVAL);
 
 	objheader_to_ti(oh, &ti);
@@ -1851,7 +1852,7 @@ create_table(struct ip_fw_chain *ch, ip_fw3_opheader *op3,
 	 */
 	tname = oh->ntlv.name;
 	aname = i->algoname;
-	if (ipfw_check_table_name(tname) != 0 ||
+	if (check_table_name(tname) != 0 ||
 	    strnlen(aname, sizeof(i->algoname)) == sizeof(i->algoname))
 		return (EINVAL);
 
@@ -2915,25 +2916,14 @@ static struct opcode_obj_rewrite opcodes[] = {
  *
  * Returns 0 if name is considered valid.
  */
-int
-ipfw_check_table_name(char *name)
+static int
+check_table_name(const char *name)
 {
-	int nsize;
-	ipfw_obj_ntlv *ntlv = NULL;
-
-	nsize = sizeof(ntlv->name);
-
-	if (strnlen(name, nsize) == nsize)
-		return (EINVAL);
-
-	if (name[0] == '\0')
-		return (EINVAL);
 
 	/*
 	 * TODO: do some more complicated checks
 	 */
-
-	return (0);
+	return (ipfw_check_object_name_generic(name));
 }
 
 /*
@@ -2965,7 +2955,7 @@ find_name_tlv(void *tlvs, int len, uint16_t uidx)
 		if (ntlv->idx != uidx)
 			continue;
 
-		if (ipfw_check_table_name(ntlv->name) != 0)
+		if (check_table_name(ntlv->name) != 0)
 			return (NULL);
 		
 		return (ntlv);

sys/netpfil/ipfw/ip_fw_table.h

@@ -187,7 +187,6 @@ void ipfw_unref_rule_tables(struct ip_fw_chain *chain, struct ip_fw *rule);
 struct namedobj_instance *ipfw_get_table_objhash(struct ip_fw_chain *ch);
 
 /* utility functions  */
-int ipfw_check_table_name(char *name);
 int ipfw_move_tables_sets(struct ip_fw_chain *ch, ipfw_range_tlv *rt,
     uint32_t new_set);
 void ipfw_swap_tables_sets(struct ip_fw_chain *ch, uint32_t old_set,