Check IP address before updating settings

If IP address string is empty, inet_addr() returns 0xFFFFFFFF.
ioctl() doesn't return error value when 0xFFFFFFFF is passed on RPI4.
It's because class-e address has been allowed via ifconfig ioctl since
kernel 4.20.

This patch checks IP address before updating settings to avoid
assigning unexpected IP to tun.

Change-Id: Ic588eb5d66d10afa2cc45955546705cafe27a1c3

diff --git a/include/capi_vpn_service_private.h b/include/capi_vpn_service_private.h
index 4cb8542..39f0ddd 100755 (executable)
--- a/include/capi_vpn_service_private.h
+++ b/include/capi_vpn_service_private.h
@@ -48,6 +48,9 @@ extern "C" {
 #define NETCONFIG_NETWORK_PATH                 "/net/netconfig/network"
 #define NETCONFIG_NETWORK_INTERFACE            "net.netconfig.network"
 
+#define VPNSVC_IP4_MIN_STRING_LEN 7
+#define VPNSVC_IP4_MAX_STRING_LEN 15
+
 #define VPNSVC_IP4_STRING_LEN 16
 #define VPNSVC_VPN_IFACE_NAME_LEN 16
 #define VPNSVC_SESSION_STRING_LEN 32

diff --git a/src/capi_vpn_service.c b/src/capi_vpn_service.c
index 2732989..cb508f8 100755 (executable)
--- a/src/capi_vpn_service.c
+++ b/src/capi_vpn_service.c
@@ -72,6 +72,15 @@ static bool _vpn_check_handle_validity(vpnsvc_h vpnsvc)
                return false;
 }
 
+static bool _vpn_check_ip_address_validity(const char *addr)
+{
+       if(strlen(addr) < VPNSVC_IP4_MIN_STRING_LEN
+                       || strlen(addr) > VPNSVC_IP4_MAX_STRING_LEN)
+               return false;
+
+       return true;
+}
+
 static void _vpnsvc_init_vpnsvc_tun_s(vpnsvc_tun_s **s)
 {
        LOGD(" tun_s: %p", s);
@@ -850,8 +859,15 @@ EXPORT_API int vpnsvc_update_settings(vpnsvc_h handle)
                LOGE("handle is a NULL"); //LCOV_EXCL_LINE
                return VPNSVC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE
        }
+
        tun_s = (vpnsvc_tun_s*)handle;
 
+       if (!_vpn_check_ip_address_validity(tun_s->local_ip))
+               return VPNSVC_ERROR_INVALID_PARAMETER;
+
+       if (!_vpn_check_ip_address_validity(tun_s->remote_ip))
+               return VPNSVC_ERROR_INVALID_PARAMETER;
+
        op = _vpnsvc_invoke_dbus_method(tun_s->connection,
                                                                NETCONFIG_SERVICE_NAME,
                                                                NETCONFIG_VPNSVC_PATH,