From 59d72e349a19da49d22934c1cdab914c3087c702 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Tue, 19 Jun 2012 22:06:59 +0200
Subject: The commandline parser was too permissive, make it more strict

The parser allowed more possible argument alternatives for
command options than the documented one, which limited the possibility
of other option names. The patch makes the parser more strict.
---
 src/ui.c | 60 +++++++++++++++++++++++++++++-------------------------------
 1 file changed, 29 insertions(+), 31 deletions(-)

(limited to 'src/ui.c')

diff --git a/src/ui.c b/src/ui.c
index 0ebacbb..bdd0602 100644
--- a/src/ui.c
+++ b/src/ui.c
@@ -5,7 +5,6 @@
  * published by the Free Software Foundation.
  */
 #include <assert.h>				/* assert */
-#include <ctype.h>				/* tolower */
 #include <string.h>				/* memcmp, str* */
 
 #include <libipset/linux_ip_set.h>		/* IPSET_CMD_* */
@@ -25,91 +24,91 @@ const struct ipset_commands ipset_commands[] = {
 
 	{	/* c[reate], --create, n[ew], -N */
 		.cmd = IPSET_CMD_CREATE,
-		.name = { "create", "new" },
+		.name = { "create", "new", "-N" },
 		.has_arg = IPSET_MANDATORY_ARG2,
 		.help = "SETNAME TYPENAME [type-specific-options]\n"
 			"        Create a new set",
 	},
 	{	/* a[dd], --add, -A  */
 		.cmd = IPSET_CMD_ADD,
-		.name = { "add", NULL },
+		.name = { "add", "-A", NULL },
 		.has_arg = IPSET_MANDATORY_ARG2,
 		.help = "SETNAME ENTRY\n"
 			"        Add entry to the named set",
 	},
 	{	/* d[el], --del, -D */
 		.cmd = IPSET_CMD_DEL,
-		.name = { "del", NULL },
+		.name = { "del", "-D", NULL },
 		.has_arg = IPSET_MANDATORY_ARG2,
 		.help = "SETNAME ENTRY\n"
 			"        Delete entry from the named set",
 	},
 	{	/* t[est], --test, -T */
 		.cmd = IPSET_CMD_TEST,
-		.name = { "test", NULL },
+		.name = { "test", "-T", NULL },
 		.has_arg = IPSET_MANDATORY_ARG2,
 		.help = "SETNAME ENTRY\n"
 			"        Test entry in the named set",
 	},
 	{	/* des[troy], --destroy, x, -X */
 		.cmd = IPSET_CMD_DESTROY,
-		.name = { "destroy", "x" },
+		.name = { "destroy", "x", "-X" },
 		.has_arg = IPSET_OPTIONAL_ARG,
 		.help = "[SETNAME]\n"
 			"        Destroy a named set or all sets",
 	},
 	{	/* l[ist], --list, -L */
 		.cmd = IPSET_CMD_LIST,
-		.name = { "list", NULL },
+		.name = { "list", "-L", NULL },
 		.has_arg = IPSET_OPTIONAL_ARG,
 		.help = "[SETNAME]\n"
 			"        List the entries of a named set or all sets",
 	},
 	{	/* s[save], --save, -S */
 		.cmd = IPSET_CMD_SAVE,
-		.name = { "save", NULL },
+		.name = { "save", "-S", NULL },
 		.has_arg = IPSET_OPTIONAL_ARG,
 		.help = "[SETNAME]\n"
 			"        Save the named set or all sets to stdout",
 	},
 	{	/* r[estore], --restore, -R */
 		.cmd = IPSET_CMD_RESTORE,
-		.name = { "restore", NULL },
+		.name = { "restore", "-R", NULL },
 		.has_arg = IPSET_NO_ARG,
 		.help = "\n"
 			"        Restore a saved state",
 	},
 	{	/* f[lush], --flush, -F */
 		.cmd = IPSET_CMD_FLUSH,
-		.name = { "flush", NULL },
+		.name = { "flush", "-F", NULL },
 		.has_arg = IPSET_OPTIONAL_ARG,
 		.help = "[SETNAME]\n"
 			"        Flush a named set or all sets",
 	},
 	{	/* ren[ame], --rename, e, -E */
 		.cmd = IPSET_CMD_RENAME,
-		.name = { "rename", "e" },
+		.name = { "rename", "e", "-E" },
 		.has_arg = IPSET_MANDATORY_ARG2,
 		.help = "FROM-SETNAME TO-SETNAME\n"
 			"        Rename two sets",
 	},
 	{	/* sw[ap], --swap, w, -W */
 		.cmd = IPSET_CMD_SWAP,
-		.name = { "swap", "w" },
+		.name = { "swap", "w", "-W" },
 		.has_arg = IPSET_MANDATORY_ARG2,
 		.help = "FROM-SETNAME TO-SETNAME\n"
 			"        Swap the contect of two existing sets",
 	},
 	{	/* h[elp, --help, -H */
 		.cmd = IPSET_CMD_HELP,
-		.name = { "help", NULL },
+		.name = { "help", "-h", "-H" },
 		.has_arg = IPSET_OPTIONAL_ARG,
 		.help = "[TYPENAME]\n"
 			"        Print help, and settype specific help",
 	},
 	{	/* v[ersion], --version, -V */
 		.cmd = IPSET_CMD_VERSION,
-		.name = { "version", NULL },
+		.name = { "version", "-v", "-V" },
 		.has_arg = IPSET_NO_ARG,
 		.help = "\n"
 			"        Print version information",
@@ -128,30 +127,29 @@ const struct ipset_commands ipset_commands[] = {
 bool
 ipset_match_cmd(const char *arg, const char * const name[])
 {
-	size_t len;
+	size_t len, skip = 0;
+	int i;
 
 	assert(arg);
 	assert(name && name[0]);
 
-	/* Ignore (two) leading dashes */
-	if (arg[0] == '-')
-		arg++;
-	if (arg[0] == '-')
-		arg++;
+	/* Ignore two leading dashes */
+	if (arg[0] == '-' && arg[1] == '-')
+		skip = 2;
 
 	len = strlen(arg);
-
-	if (len > strlen(name[0]) || !len)
-		return false;
-	else if (len > 1 &&
-		 ((strncmp(arg, name[0], len) == 0) ||
-		  (name[1] != NULL && (strncmp(arg, name[1], len) == 0))))
-		return true;
-	else if (len != 1)
+	if (len <= skip)
 		return false;
-	else
-		return tolower(arg[0]) == name[0][0] ||
-		       (name[1] != NULL && tolower(arg[0]) == name[1][0]);
+
+	for (i = 0; i < IPSET_CMD_ALIASES && name[i] != NULL; i++) {
+		/* Old compatibility command flags */
+		if (name[i][0] == '-' && STREQ(arg, name[i]))
+			return true;
+		/* New command name options */
+		if (strncmp(arg + skip, name[i], len - skip) == 0)
+			return true;
+	}
+	return false;
 }
 
 /* Used up so far
-- 
cgit v1.2.3