From 59d72e349a19da49d22934c1cdab914c3087c702 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 19 Jun 2012 22:06:59 +0200 Subject: The commandline parser was too permissive, make it more strict The parser allowed more possible argument alternatives for command options than the documented one, which limited the possibility of other option names. The patch makes the parser more strict. --- include/libipset/ui.h | 4 +++- src/ui.c | 60 +++++++++++++++++++++++++-------------------------- tests/restore.t | 2 +- tests/setlist.t | 2 +- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/include/libipset/ui.h b/include/libipset/ui.h index aa3979f..78d5866 100644 --- a/include/libipset/ui.h +++ b/include/libipset/ui.h @@ -10,11 +10,13 @@ #include /* bool */ #include /* enum ipset_cmd */ +#define IPSET_CMD_ALIASES 3 + /* Commands in userspace */ struct ipset_commands { enum ipset_cmd cmd; int has_arg; - const char *name[2]; + const char *name[IPSET_CMD_ALIASES]; const char *help; }; diff --git a/src/ui.c b/src/ui.c index 0ebacbb..bdd0602 100644 --- a/src/ui.c +++ b/src/ui.c @@ -5,7 +5,6 @@ * published by the Free Software Foundation. */ #include /* assert */ -#include /* tolower */ #include /* memcmp, str* */ #include /* IPSET_CMD_* */ 
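Review bot: `IPSET_CMD_ALIASES` is introduced without a comment, and widening `name[]` from 2 to 3 slots changes the size and layout of `struct ipset_commands` in what looks like an installed libipset header. Anything built against the old header that walks `ipset_commands[]` would step through the array with the wrong stride, so this presumably needs a library version bump alongside it. I would also state the contract at the macro, e.g. `/* Max names per command; unused trailing slots must be NULL */`, because the new matcher loop in src/ui.c stops on either that bound or a NULL entry.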
@@ -25,91 +24,91 @@ const struct ipset_commands ipset_commands[] = { { /* c[reate], --create, n[ew], -N */ .cmd = IPSET_CMD_CREATE, - .name = { "create", "new" }, + .name = { "create", "new", "-N" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME TYPENAME [type-specific-options]\n" " Create a new set", }, { /* a[dd], --add, -A */ .cmd = IPSET_CMD_ADD, - .name = { "add", NULL }, + .name = { "add", "-A", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Add entry to the named set", }, { /* d[el], --del, -D */ .cmd = IPSET_CMD_DEL, - .name = { "del", NULL }, + .name = { "del", "-D", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Delete entry from the named set", }, { /* t[est], --test, -T */ .cmd = IPSET_CMD_TEST, - .name = { "test", NULL }, + .name = { "test", "-T", NULL }, .has_arg = IPSET_MANDATORY_ARG2, .help = "SETNAME ENTRY\n" " Test entry in the named set", }, { /* des[troy], --destroy, x, -X */ .cmd = IPSET_CMD_DESTROY, - .name = { "destroy", "x" }, + .name = { "destroy", "x", "-X" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Destroy a named set or all sets", }, { /* l[ist], --list, -L */ .cmd = IPSET_CMD_LIST, - .name = { "list", NULL }, + .name = { "list", "-L", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " List the entries of a named set or all sets", }, { /* s[save], --save, -S */ .cmd = IPSET_CMD_SAVE, - .name = { "save", NULL }, + .name = { "save", "-S", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Save the named set or all sets to stdout", }, { /* r[estore], --restore, -R */ .cmd = IPSET_CMD_RESTORE, - .name = { "restore", NULL }, + .name = { "restore", "-R", NULL }, .has_arg = IPSET_NO_ARG, .help = "\n" " Restore a saved state", }, { /* f[lush], --flush, -F */ .cmd = IPSET_CMD_FLUSH, - .name = { "flush", NULL }, + .name = { "flush", "-F", NULL }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[SETNAME]\n" " Flush a named set or all sets", }, { /* ren[ame], --rename, e, 
-E */ .cmd = IPSET_CMD_RENAME, - .name = { "rename", "e" }, + .name = { "rename", "e", "-E" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" " Rename two sets", }, { /* sw[ap], --swap, w, -W */ .cmd = IPSET_CMD_SWAP, - .name = { "swap", "w" }, + .name = { "swap", "w", "-W" }, .has_arg = IPSET_MANDATORY_ARG2, .help = "FROM-SETNAME TO-SETNAME\n" " Swap the contect of two existing sets", }, { /* h[elp, --help, -H */ .cmd = IPSET_CMD_HELP, - .name = { "help", NULL }, + .name = { "help", "-h", "-H" }, .has_arg = IPSET_OPTIONAL_ARG, .help = "[TYPENAME]\n" " Print help, and settype specific help", }, { /* v[ersion], --version, -V */ .cmd = IPSET_CMD_VERSION, - .name = { "version", NULL }, + .name = { "version", "-v", "-V" }, .has_arg = IPSET_NO_ARG, .help = "\n" " Print version information", @@ -128,30 +127,29 @@ const struct ipset_commands ipset_commands[] = { bool ipset_match_cmd(const char *arg, const char * const name[]) { - size_t len; + size_t len, skip = 0; + int i; assert(arg); assert(name && name[0]); - /* Ignore (two) leading dashes */ - if (arg[0] == '-') - arg++; - if (arg[0] == '-') - arg++; + /* Ignore two leading dashes */ + if (arg[0] == '-' && arg[1] == '-') + skip = 2; len = strlen(arg); - - if (len > strlen(name[0]) || !len) - return false; - else if (len > 1 && - ((strncmp(arg, name[0], len) == 0) || - (name[1] != NULL && (strncmp(arg, name[1], len) == 0)))) - return true; - else if (len != 1) + if (len <= skip) return false; - else - return tolower(arg[0]) == name[0][0] || - (name[1] != NULL && tolower(arg[0]) == name[1][0]); + + for (i = 0; i < IPSET_CMD_ALIASES && name[i] != NULL; i++) { + /* Old compatibility command flags */ + if (name[i][0] == '-' && STREQ(arg, name[i])) + return true; + /* New command name options */ + if (strncmp(arg + skip, name[i], len - skip) == 0) + return true; + } + return false; } /* Used up so far diff --git a/tests/restore.t b/tests/restore.t index 7570bc1..b151be8 100644 --- a/tests/restore.t 
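Review bot: The comments above the help and version entries still list only `-H` and `-V`, but the new arrays also accept the lower-case flags (`{ "help", "-h", "-H" }`, `{ "version", "-v", "-V" }`). Every other entry's comment matches its dash alias exactly, so these two should read `/* h[elp], --help, -h, -H */` and `/* v[ersion], --version, -v, -V */`. Since matching is still by prefix, a short comment at the top of the table saying that entry order decides ambiguous prefixes (for example `d` resolves to `del` before `destroy`) would keep later additions from silently changing which command a short form selects.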
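Review bot: In the new loop of `ipset_match_cmd`, the prefix comparison also runs against the dash aliases, so an argument consisting of a lone `-` matches the first entry that has a `-X`-style name: `strncmp("-", "-N", 1)` is 0. The same path accepts `---N`, because `skip` is 2 and the remainder `-N` is then compared as a name. For a tool that edits firewall sets, the compatibility flags should match only exactly; guard the second test with `if (name[i][0] != '-' && strncmp(arg + skip, name[i], len - skip) == 0)`. Whether a bare `-` can reach this function depends on the caller, which is not visible in this patch.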
+++ b/tests/restore.t @@ -3,5 +3,5 @@ # Save sets and compare 0 ipset save > .foo && diff restore.t.multi.saved .foo # Delete all sets -0 ipset -x +0 ipset x # eof diff --git a/tests/setlist.t b/tests/setlist.t index 90c78f2..6f81afc 100644 --- a/tests/setlist.t +++ b/tests/setlist.t @@ -132,5 +132,5 @@ # Flush all sets 0 ipset flush # Delete all sets -0 ipset -x +0 ipset -X # eof -- cgit v1.2.3