diff options
author | Florian Westphal <fw@strlen.de> | 2013-06-21 13:23:52 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2013-06-30 23:03:36 +0200 |
commit | 4795f4c737e59587d05d6eced2c86d3fc50ad42d (patch) | |
tree | 79ce349f199440b57568bfb4f250c2e79d1c9818 /src/conntrack/labels.c | |
parent | ffa0f21f902921e405b929911b6a79a0e6f7c8dc (diff) |
conntrack: labels: skip labels with non-alnum characters
Can always lift this restriction later but for now enforce
strict label naming.
This is mainly to make sure that e.g. using
conntrack ... -o xml,connlabels
will output the expected format, without nasty surprises.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/conntrack/labels.c')
-rw-r--r-- | src/conntrack/labels.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/src/conntrack/labels.c b/src/conntrack/labels.c index 7393c42..7dfb780 100644 --- a/src/conntrack/labels.c +++ b/src/conntrack/labels.c @@ -1,3 +1,4 @@ +#include <stdbool.h> #include <stdint.h> #include "internal/internal.h" @@ -184,6 +185,30 @@ static struct nfct_labelmap *map_alloc(void) return map; } +/* + * We will only accept alpha numerical labels; else + * parses might choke on output when label named + * "foo;<&bar" exists. ASCII machines only. + * + * Avoids libc isalnum() etc. to avoid issues with locale + * settings. + */ +static bool label_is_sane(const char *label) +{ + for (;*label; label++) { + if (*label >= 'a' && *label <= 'z') + continue; + if (*label >= 'A' && *label <= 'Z') + continue; + if (*label >= '0' && *label <= '9') + continue; + if (*label == ' ' || *label == '-') + continue; + return false; + } + return true; +} + struct nfct_labelmap *__labelmap_new(const char *name) { struct nfct_labelmap *map; @@ -219,7 +244,8 @@ struct nfct_labelmap *__labelmap_new(const char *name) end = trim_label(end); if (!end) continue; - if (map_insert(map, end, bit) == 0) { + + if (label_is_sane(end) && map_insert(map, end, bit) == 0) { added++; if (maxbit < bit) maxbit = bit; |