Make sure we don't pass garbage to system().

2026-04-28 10:23:35 +00:00 · 2012-10-31 14:18:37 -07:00
parent 67c92dbbc7
commit d60d4f1a33
2 changed files with 8 additions and 1 deletions
--- a/1
+++ b/1
@@ -1,3 +1,2 @@
 - Add IPV6 support
- Verify IP address is a valid IP address before using it in system() calls
 - Print usable log messages
--- a/tallow.c
+++ b/tallow.c
@@ -92,6 +92,14 @@ static void find(char *ip)
 	struct tallow_struct *n;
 	struct tallow_struct *w = whitelist;

+	/*
+	 * not validating the IP address format here, just
+	 * making sure we're not passing special characters
+	 * to system().
+	 */
+	if (strspn(ip, "0123456789.") < l)
+		continue;
+
 	/* whitelist */
 	while (w) {
 		if (!strcmp(w->ip, ip))