DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Merge pull request #216 from oneru/add-nat-validation

Browse Source 
Add nat validation
This commit is contained in:
Michael Rash 2016-05-08 21:53:13 -04:00
commit 23d70f1aa3
2 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
server/fw_util_firewalld.c
View File

@ -1549,10 +1549,15 @@ process_spa_request(const fko_srv_options_t * const opts,
if((ndx != NULL) && (str_len <= MAX_HOSTNAME_LEN))
{
strlcpy(nat_dst, spadat->nat_access, str_len+1);
if((! is_valid_ipv4_addr(nat_dst, strlen(nat_dst))))
if(! is_valid_ipv4_addr(nat_dst, str_len))
{
if(strncasecmp(opts->config[CONF_ENABLE_NAT_DNS], "Y", 1)==0)
if(strncasecmp(opts->config[CONF_ENABLE_NAT_DNS], "Y", 1) == 0)
{
if (!is_valid_hostname(nat_dst, str_len))
{
log_msg(LOG_INFO, "Invalid Hostname in NAT SPA message");
return res;
}
if (ipv4_resolve(nat_dst, nat_ip) == 0)
{
log_msg(LOG_INFO, "Resolved NAT IP in SPA message");
@ -1561,7 +1566,6 @@ process_spa_request(const fko_srv_options_t * const opts,
{
log_msg(LOG_INFO, "Unable to resolve Hostname in NAT SPA message");
free_acc_port_list(port_list);
res = is_err;
return res;
}
}
@ -1569,7 +1573,6 @@ process_spa_request(const fko_srv_options_t * const opts,
{
log_msg(LOG_INFO, "Received Hostname in NAT SPA message, but hostname is disabled.");
free_acc_port_list(port_list);
res = is_err;
return res;
}
@ -1593,7 +1596,6 @@ process_spa_request(const fko_srv_options_t * const opts,
{
log_msg(LOG_INFO, "Invalid NAT IP in SPA message");
free_acc_port_list(port_list);
res = is_err;
return res;
}
}

14
server/fw_util_iptables.c
View File

@ -1535,13 +1535,18 @@ process_spa_request(const fko_srv_options_t * const opts,
{
ndx = strchr(spadat->nat_access, ',');
str_len = strcspn(spadat->nat_access, ",");
if((ndx != NULL) && (str_len <= MAX_HOSTNAME_LEN))
if(ndx != NULL) && (str_len <= MAX_HOSTNAME_LEN)
{
strlcpy(nat_dst, spadat->nat_access, str_len+1);
if(! is_valid_ipv4_addr(nat_dst, strlen(nat_dst)))
if(! is_valid_ipv4_addr(nat_dst, str_len))
{
if(strncasecmp(opts->config[CONF_ENABLE_NAT_DNS], "Y", 1)==0)
if(strncasecmp(opts->config[CONF_ENABLE_NAT_DNS], "Y", 1) == 0)
{
if (!is_valid_hostname(nat_dst, str_len))
{
log_msg(LOG_INFO, "Invalid Hostname in NAT SPA message");
return res;
}
if (ipv4_resolve(nat_dst, nat_ip) == 0)
{
log_msg(LOG_INFO, "Resolved NAT IP in SPA message");
@ -1550,7 +1555,6 @@ process_spa_request(const fko_srv_options_t * const opts,
{
log_msg(LOG_INFO, "Unable to resolve Hostname in NAT SPA message");
free_acc_port_list(port_list);
res = is_err;
return res;
}
}
@ -1558,7 +1562,6 @@ process_spa_request(const fko_srv_options_t * const opts,
{
log_msg(LOG_INFO, "Received Hostname in NAT SPA message, but hostname is disabled.");
free_acc_port_list(port_list);
res = is_err;
return res;
}
@ -1582,7 +1585,6 @@ process_spa_request(const fko_srv_options_t * const opts,
{
log_msg(LOG_INFO, "Invalid NAT IP in SPA message");
free_acc_port_list(port_list);
res = is_err;
return res;
}
}