From 788c986343bc24bd0272e8aa409121ffe51f1ef3 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 15 Aug 2016 13:14:18 +0200
Subject: src: quote user-defined strings when used from rule selectors
The following selectors display strings using quotes:
* meta iifname
* meta oifname
* meta ibriport
* meta obriport
However, the following do not:
* meta oif
* meta iif
* meta skuid
* meta skgid
* meta iifgroup
* meta oifgroup
* meta rtclassid
* ct label
Given they refer to user-defined values, neither keywords nor internal built-in known values, let's quote the output of this. This patch modifies symbolic_constant_print() so we can signal this to indicate if the string needs to be quoted.
Signed-off-by: Pablo Neira Ayuso
---
 src/ct.c | 2 +-
 src/datatype.c | 12 ++++++++----
 src/meta.c | 12 ++++++------
 src/proto.c | 2 +-
 4 files changed, 16 insertions(+), 12 deletions(-)
(limited to 'src')
diff --git a/src/ct.c b/src/ct.c
index f6018d87..35755962 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -108,7 +108,7 @@ static void ct_label_type_print(const struct expr *expr)
 for (s = ct_label_tbl->symbols; s->identifier != NULL; s++) {
 if (bit != s->value)
 continue;
- printf("%s", s->identifier);
+ printf("\"%s\"", s->identifier);
 return;
 }
 /* can happen when connlabel.conf is altered after rules were added */
diff --git a/src/datatype.c b/src/datatype.c
index 002c4c66..2b1619a6 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -86,7 +86,8 @@ void datatype_print(const struct expr *expr)
 if (dtype->print != NULL)
 return dtype->print(expr);
 if (dtype->sym_tbl != NULL)
- return symbolic_constant_print(dtype->sym_tbl, expr);
+ return symbolic_constant_print(dtype->sym_tbl, expr,
+ false);
 } while ((dtype = dtype->basetype));
 BUG("datatype %s has no print method or symbol table\n",
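Review bot: In ct_label_type_print (src/ct.c) the added `printf("\"%s\"", s->identifier);` wraps the label in double quotes but prints the identifier unescaped, so a name containing `"` or a control character yields output that no longer reads back as a single string. The same pattern is added for interface, user and group names in ifindex_type_print, uid_type_print and gid_type_print (src/meta.c) and in the `quotes` branch of symbolic_constant_print (src/datatype.c). These names come from outside the tool (connlabel.conf per the comment in this hunk, the passwd/group databases, the kernel's interface list), and listing output is typically saved and loaded again. I would validate the name before quoting it and fall back to the numeric form that the meta.c printers already use in their `else` branch; whether the scanner can represent an embedded quote at all is not visible in this patch and needs confirming. The body of ct_label_type_print continues outside the hunk.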
@@ -154,7 +155,7 @@ out:
 }
 void symbolic_constant_print(const struct symbol_table *tbl,
- const struct expr *expr)
+ const struct expr *expr, bool quotes)
 {
 unsigned int len = div_round_up(expr->len, BITS_PER_BYTE);
 const struct symbolic_constant *s;
@@ -173,7 +174,10 @@ void symbolic_constant_print(const struct symbol_table *tbl,
 if (s->identifier == NULL)
 return expr_basetype(expr)->print(expr);
- printf("%s", s->identifier);
+ if (quotes)
+ printf("\"%s\"", s->identifier);
+ else
+ printf("%s", s->identifier);
 }
 void symbol_table_print(const struct symbol_table *tbl,
@@ -684,7 +688,7 @@ static void __exit mark_table_exit(void)
 static void mark_type_print(const struct expr *expr)
 {
- return symbolic_constant_print(mark_tbl, expr);
+ return symbolic_constant_print(mark_tbl, expr, true);
 }
 static struct error_record *mark_type_parse(const struct expr *sym,
diff --git a/src/meta.c b/src/meta.c
index 9dd91de3..94263f90 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -47,7 +47,7 @@ static void __exit realm_table_exit(void)
 static void realm_type_print(const struct expr *expr)
 {
- return symbolic_constant_print(realm_tbl, expr);
+ return symbolic_constant_print(realm_tbl, expr, true);
 }
 static struct error_record *realm_type_parse(const struct expr *sym,
@@ -144,7 +144,7 @@ static void ifindex_type_print(const struct expr *expr)
 ifindex = mpz_get_uint32(expr->value);
 if (nft_if_indextoname(ifindex, name))
- printf("%s", name);
+ printf("\"%s\"", name);
 else
 printf("%d", ifindex);
 }
@@ -208,7 +208,7 @@ static void uid_type_print(const struct expr *expr)
 pw = getpwuid(uid);
 if (pw != NULL)
- printf("%s", pw->pw_name);
+ printf("\"%s\"", pw->pw_name);
 else
 printf("%d", uid);
 return;
@@ -260,7 +260,7 @@ static void gid_type_print(const struct expr *expr)
 gr = getgrgid(gid);
 if (gr != NULL)
- printf("%s", gr->gr_name);
+ printf("\"%s\"", gr->gr_name);
 else
 printf("%u", gid);
 return;
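Review bot: The new `bool quotes` parameter of symbolic_constant_print (src/datatype.c) is undocumented, and call sites pass a bare `true` or `false` that says nothing about why. A comment above the definition would help, for example `/* quotes: true when tbl holds user-defined names, false for built-in keyword tables */`, which matches the rule given in the commit message. Note also that the generic fallback in datatype_print hard-codes `false`, so a datatype that has a user-defined `sym_tbl` but no `print` method would be listed unquoted; if that is intended, it deserves a line in the same comment. The signature and body are split across two hunks and the function starts outside the first one.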
@@ -314,7 +314,7 @@ static const struct symbol_table pkttype_type_tbl = {
 static void pkttype_type_print(const struct expr *expr)
 {
- return symbolic_constant_print(&pkttype_type_tbl, expr);
+ return symbolic_constant_print(&pkttype_type_tbl, expr, false);
 }
 static const struct datatype pkttype_type = {
@@ -341,7 +341,7 @@ static void __exit devgroup_table_exit(void)
 static void devgroup_type_print(const struct expr *expr)
 {
- return symbolic_constant_print(devgroup_tbl, expr);
+ return symbolic_constant_print(devgroup_tbl, expr, true);
 }
 static struct error_record *devgroup_type_parse(const struct expr *sym,
diff --git a/src/proto.c b/src/proto.c
index 4c12977c..94995f10 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -871,7 +871,7 @@ static const struct symbol_table ethertype_tbl = {
 static void ethertype_print(const struct expr *expr)
 {
- return symbolic_constant_print(ðertype_tbl, expr);
+ return symbolic_constant_print(ðertype_tbl, expr, false);
 }
 const struct datatype ethertype_type = {
--
cgit v1.2.3