diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-06-19 22:06:59 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-06-19 22:06:59 +0200 |
| commit | 59d72e349a19da49d22934c1cdab914c3087c702 (patch) | |
| tree | aa0ddc4bbb25c090b5de14372383e3dcacaa6f04 | |
| parent | ed668b564ed32d1784f6a8b25b3c130e0d6a9ee9 (diff) | |
The commandline parser was too permissive, make it more strict
The parser allowed more possible argument alternatives for
command options than the documented one, which limited the possibility
of other option names. The patch makes the parser more strict.
| -rw-r--r-- | include/libipset/ui.h | 4 | ||||
| -rw-r--r-- | src/ui.c | 60 | ||||
| -rw-r--r-- | tests/restore.t | 2 | ||||
| -rw-r--r-- | tests/setlist.t | 2 |
4 files changed, 34 insertions, 34 deletions
diff --git a/include/libipset/ui.h b/include/libipset/ui.h index aa3979f..78d5866 100644 --- a/include/libipset/ui.h +++ b/include/libipset/ui.h @@ -10,11 +10,13 @@ #include <stdbool.h> /* bool */ #include <libipset/linux_ip_set.h> /* enum ipset_cmd */ +#define IPSET_CMD_ALIASES 3 + /* Commands in userspace */ struct ipset_commands { enum ipset_cmd cmd; int has_arg; - const char *name[2]; + const char *name[IPSET_CMD_ALIASES]; const char *help; }; @@ -5,7 +5,6 @@ * published by the Free Software Foundation. */ #include <assert.h> /* assert */ -#include <ctype.h> /* tolower */ #include <string.h> /* memcmp, str* */ #include <libipset/linux_ip_set.h> /* IPSET_CMD_* */ @@ -25,91 +24,91 @@ const struct ipset_commands ipset_commands[] = { { /* c[reate], --create, n[ew], -N */ .cmd = IPSET_CMD_CREATE, - .name = { "create", "new" }, + .name = { "create", "new", "-N" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME TYPENAME [type-specific-options]\n" " Create a new set", }, { /* a[dd], --add, -A */ .cmd = IPSET_CMD_ADD, - .name = { "add", NULL }, + .name = { "add", "-A", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Add entry to the named set", }, { /* d[el], --del, -D */ .cmd = IPSET_CMD_DEL, - .name = { "del", NULL }, + .name = { "del", "-D", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Delete entry from the named set", }, { /* t[est], --test, -T */ .cmd = IPSET_CMD_TEST, - .name = { "test", NULL }, + .name = { "test", "-T", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Test entry in the named set", }, { /* des[troy], --destroy, x, -X */ .cmd = IPSET_CMD_DESTROY, - .name = { "destroy", "x" }, + .name = { "destroy", "x", "-X" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Destroy a named set or all sets", }, { /* l[ist], --list, -L */ .cmd = IPSET_CMD_LIST, - .name = { "list", NULL }, + .name = { "list", "-L", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " List the entries of a named set or all sets", }, { /* s[save], --save, -S */ .cmd = IPSET_CMD_SAVE, - .name = { "save", NULL }, + .name = { "save", "-S", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Save the named set or all sets to stdout", }, { /* r[estore], --restore, -R */ .cmd = IPSET_CMD_RESTORE, - .name = { "restore", NULL }, + .name = { "restore", "-R", NULL }, .has_arg = IPSET_NO_ARG, .help = "\n" " Restore a saved state", }, { /* f[lush], --flush, -F */ .cmd = IPSET_CMD_FLUSH, - .name = { "flush", NULL }, + .name = { "flush", "-F", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Flush a named set or all sets", }, { /* ren[ame], --rename, e, -E */ .cmd = IPSET_CMD_RENAME, - .name = { "rename", "e" }, + .name = { "rename", "e", "-E" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" " Rename two sets", }, { /* sw[ap], --swap, w, -W */ .cmd = IPSET_CMD_SWAP, - .name = { "swap", "w" }, + .name = { "swap", "w", "-W" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" " Swap the contect of two existing sets", }, { /* h[elp, --help, -H */ .cmd = IPSET_CMD_HELP, - .name = { "help", NULL }, + .name = { "help", "-h", "-H" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[TYPENAME]\n" " Print help, and settype specific help", }, { /* v[ersion], --version, -V */ .cmd = IPSET_CMD_VERSION, - .name = { "version", NULL }, + .name = { "version", "-v", "-V" }, .has_arg = IPSET_NO_ARG, .help = "\n" " Print version information", @@ -128,30 +127,29 @@ const struct ipset_commands ipset_commands[] = { bool ipset_match_cmd(const char *arg, const char * const name[]) { - size_t len; + size_t len, skip = 0; + int i; assert(arg); assert(name && name[0]); - /* Ignore (two) leading dashes */ - if (arg[0] == '-') - arg++; - if (arg[0] == '-') - arg++; + /* Ignore two leading dashes */ + if (arg[0] == '-' && arg[1] == '-') + skip = 2; len = strlen(arg); - - if (len > strlen(name[0]) || !len) - return false; - else if (len > 1 && - ((strncmp(arg, name[0], len) == 0) || - (name[1] != NULL && (strncmp(arg, name[1], len) == 0)))) - return true; - else if (len != 1) + if (len <= skip) return false; - else - return tolower(arg[0]) == name[0][0] || - (name[1] != NULL && tolower(arg[0]) == name[1][0]); + + for (i = 0; i < IPSET_CMD_ALIASES && name[i] != NULL; i++) { + /* Old compatibility command flags */ + if (name[i][0] == '-' && STREQ(arg, name[i])) + return true; + /* New command name options */ + if (strncmp(arg + skip, name[i], len - skip) == 0) + return true; + } + return false; } /* Used up so far diff --git a/tests/restore.t b/tests/restore.t index 7570bc1..b151be8 100644 --- a/tests/restore.t +++ b/tests/restore.t @@ -3,5 +3,5 @@ # Save sets and compare 0 ipset save > .foo && diff restore.t.multi.saved .foo # Delete all sets -0 ipset -x +0 ipset x # eof diff --git a/tests/setlist.t b/tests/setlist.t index 90c78f2..6f81afc 100644 --- a/tests/setlist.t +++ b/tests/setlist.t @@ -132,5 +132,5 @@ # Flush all sets 0 ipset flush # Delete all sets -0 ipset -x +0 ipset -X # eof |