From patchwork Sun Jun 23 21:14:38 2013
X-Patchwork-Submitter: Florian Westphal
X-Patchwork-Id: 253601
From: Florian Westphal
To: netfilter-devel@vger.kernel.org
Cc: Florian Westphal
Subject: [PATCH lnf-ct 1/2] conntrack: labels: skip labels with non-alnum characters
Date: Sun, 23 Jun 2013 23:14:38 +0200
Message-Id: <1372022079-11719-1-git-send-email-fw@strlen.de>

Can always lift this restriction later but for now enforce strict
label naming.

This is mainly to make sure that e.g. using
conntrack ... -o xml,connlabels
will output the expected format, without nasty surprises.

Signed-off-by: Florian Westphal
---
 I've split this into a separate patch since it has nothing to do with
 the nfct_snprintf change.

 src/conntrack/labels.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/conntrack/labels.c b/src/conntrack/labels.c index 7393c42..7dfb780 100644 --- a/src/conntrack/labels.c +++ b/src/conntrack/labels.c
@@ -1,3 +1,4 @@ +#include #include #include "internal/internal.h" @@ -184,6 +185,30 @@ static struct nfct_labelmap *map_alloc(void) return map; } +/* + * We will only accept alpha numerical labels; else + * parses might choke on output when label named + * "foo;<&bar" exists. ASCII machines only. + * + * Avoids libc isalnum() etc. to avoid issues with locale + * settings. + */ +static bool label_is_sane(const char *label) +{ + for (;*label; label++) { + if (*label >= 'a' && *label <= 'z') + continue; + if (*label >= 'A' && *label <= 'Z') + continue; + if (*label >= '0' && *label <= '9') + continue; + if (*label == ' ' || *label == '-') + continue; + return false; + } + return true; +} + struct nfct_labelmap *__labelmap_new(const char *name) { struct nfct_labelmap *map; @@ -219,7 +244,8 @@ struct nfct_labelmap *__labelmap_new(const char *name) end = trim_label(end); if (!end) continue; - if (map_insert(map, end, bit) == 0) { + + if (label_is_sane(end) && map_insert(map, end, bit) == 0) { added++; if (maxbit < bit) maxbit = bit;
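
Review bot: the comment above label_is_sane() says only alphanumerical labels are accepted, but the loop also lets space and '-' through (`if (*label == ' ' || *label == '-')`), so the comment should list the full accepted set, and "parses" in it should read "parsers". The function also returns true for an empty string because the loop body never runs; unless trim_label() already guarantees a non-empty result (not visible in this hunk), add an explicit `if (!*label) return false;` before the loop so an empty name cannot reach map_insert(). Style nit: `for (;*label; label++)` wants a space after the first semicolon.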
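
Review bot: in the __labelmap_new() hunk, a label that fails label_is_sane() takes the same path as a map_insert() result other than 0 (`if (label_is_sane(end) && map_insert(map, end, bit) == 0)`), so a rejected name is skipped silently and cannot be told apart from an insert failure. Because this changes which names from an existing label file are accepted, the allowed character set (a-z, A-Z, 0-9, space, '-') should be documented wherever the label file format is described, and it is worth considering a separate `if (!label_is_sane(end)) continue;` so the two cases stay distinct and a diagnostic can be added later. The extra blank line added before the `if` is unrelated whitespace and can be dropped.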