From c8c9abc669cc0324c4afb35bfae850e98904d7ae Mon Sep 17 00:00:00 2001
From: Mukund Sivaraman
Date: Mon, 9 Nov 2009 02:44:14 +0530
Subject: Fix validation of IPv6 addresses
---
 src/conf.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/conf.c b/src/conf.c
index ca2172f..edd0970 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -52,6 +52,27 @@
 #define ALNUM "([-a-z0-9._]+)"
 #define IP "((([0-9]{1,3})\\.){3}[0-9]{1,3})"
 #define IPMASK "(" IP "(/[[:digit:]]+)?)"
+#define IPV6 "(" \
+ "(^([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,6}$)|" \
+ "(^([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}$)|" \
+ "(^([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}$)|" \
+ "(^([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}$)|" \
+ "(^([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}$)|" \
+ "(^([0-9a-f]{1,4}:){1,6}(:[0-9a-f]{1,4}){1,1}$)|" \
+ "(^(([0-9a-f]{1,4}:){1,7}|:):$)|" \
+ "(^:(:[0-9a-f]{1,4}){1,7}$)|" \
+ "(^((([0-9a-f]{1,4}:){6})(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})$)|" \
+ "(^(([0-9a-f]{1,4}:){5}[0-9a-f]{1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3})$)|" \
+ "(^([0-9a-f]{1,4}:){5}:[0-9a-f]{1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)|" \
+ "(^([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,4}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)|" \
+ "(^([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,3}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)|" \
+ "(^([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,2}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)|" \
+ "(^([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,1}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)|" \
+ "(^(([0-9a-f]{1,4}:){1,5}|:):(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)|" \
+ "(^:(:[0-9a-f]{1,4}){1,5}:(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$)" \
+ ")"
+
+#define IPV6MASK "(" IPV6 "(/[[:digit:]]+)?)"
 #define BEGIN "^[[:space:]]*"
 #define END "[[:space:]]*$"
 
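Review bot: Every alternative in `IPV6` carries its own `^` and `$`, so the macro cannot be composed the way this patch uses it: in `IPV6MASK` the trailing `(/[[:digit:]]+)?` sits after a `$` and can never consume a prefix length, and inside a directive pattern the inner `^` comes after the directive name, where a start-of-line anchor would not match. STDCONF and the regex compile call are outside the hunk, so the second half is inferred from the `BEGIN`/`END` macros in the context lines. Dropping the inner anchors and leaving anchoring to the outer pattern addresses both, e.g. `"(([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,6})|" \` for the first alternative and likewise for the rest. The dotted-quad tails also use `\\d`, which POSIX extended regular expressions do not define as a digit class; `[0-9]` or `[[:digit:]]`, as `IP` and `IPMASK` already use, is the portable spelling. Because these patterns gate the `allow`/`deny` access-control entries, a test config covering constructed samples such as `::1`, `fe80::1/64` and `::ffff:192.0.2.1` would show whether each form is actually accepted.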
@@ -197,10 +218,12 @@ struct {
 STDCONF ("user", ALNUM, handle_user),
 STDCONF ("group", ALNUM, handle_group),
 /* ip arguments */
- STDCONF ("listen", IP, handle_listen),
- STDCONF ("allow", "(" IPMASK "|" ALNUM ")", handle_allow),
- STDCONF ("deny", "(" IPMASK "|" ALNUM ")", handle_deny),
- STDCONF ("bind", IP, handle_bind),
+ STDCONF ("listen", "(" IP "|" IPV6 ")", handle_listen),
+ STDCONF ("allow", "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")",
+ handle_allow),
+ STDCONF ("deny", "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")",
+ handle_deny),
+ STDCONF ("bind", "(" IP "|" IPV6 ")", handle_bind),
 /* error files */
 STDCONF ("errorfile", INT WS STR, handle_errorfile),
 #ifdef FILTER_ENABLE
-- 
cgit v1.2.3
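Review bot: The `allow` and `deny` entries now accept `IPV6MASK`, whose prefix part is `(/[[:digit:]]+)?` just like `IPMASK`, so a value such as `/200` passes this syntax check for either address family and reaches `handle_allow`/`handle_deny`, which are outside the hunk. Since these entries build the access-control list, the handlers should be confirmed to reject prefix lengths above 32 for IPv4 and 128 for IPv6 rather than truncating or wrapping them. A comment on the group would record that the table does not do this, e.g. `/* ip arguments: IPv4 or IPv6; prefix length is not range-checked here */`. The table itself starts and ends outside the hunk.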