From 127d2c239bb4c8d156154c5fb87e082ef22ed5a4 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Fri, 21 Aug 2020 09:47:12 -0400
Subject: Implement wildcard rules

The rules are reloaded as needed upon every connection.
---
 util.c | 50 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)
(limited to 'util.c')
diff --git a/util.c b/util.c
index 0084c19..03cf30f 100644
--- a/util.c
+++ b/util.c
@@ -83,52 +83,62 @@ int string_to_id(char_t *w, char_t *a)
 }
 /* Parse the -L parameter */
-/* 0 = success */
-int parse_local_port_forward(char *string, int *local_port, char **hostname, int *remote_port)
+/* true = success */
+bool parse_local_port_forward(char *string, int *local_port, char **hostname, int *remote_port)
 {
 char *lport;
- char *host;
- char *rport;
 /* Alternative delimiter '@', as ':' is forbidden in some environments */
- lport = strtok(string, ":@");
- host = strtok(NULL, ":@");
- rport = strtok(NULL, ":@");
- if(!lport || !host || !rport)
+ if(!(*local_port = atoi(lport)))
 {
- return -1;
+ return false;
 }
- *local_port = atoi(lport);
- *hostname = host;
- *remote_port = atoi(rport);
-
- return 0;
+ if(parse_pipe_port_forward(lport + strlen(lport), hostname, remote_port))
+ {
+ return *remote_port;
+ }
+ return false;
 }
 /* Parse the -W parameter */
-/* 0 = success */
-int parse_pipe_port_forward(char *string, char **hostname, int *remote_port)
+/* true = success */
+bool parse_pipe_port_forward(char *string, char **hostname, int *remote_port)
 {
 char *host;
 char *rport;
 /* Alternative delimiter '@', as ':' is forbidden in some environments */
- host = strtok(string, ":@");
- rport = strtok(NULL, ":@");
+ rport = strtok(NULL, "");
 if(!host || !rport)
 {
- return -1;
+ return false;
 }
 *hostname = host;
 *remote_port = atoi(rport);
- return 0;
+ if(*remote_port > 0 && *remote_port < 65535)
+ {
+ /* This is tolerant of nonsense tokens after the port. */
+ return true;
+ }
+ else
+ {
+ /* Port 0 is not allowed in the input. Only a literal '*' can produce a
+ * port 0 in the output, which will be treated as a wildcard if this is
+ * a rule. */
+ if (rport[0] != '*')
+ {
+ return false;
+ }
+ /* Return an error if an extra token follows, but tolerate whitespace. */
+ return !strtok(rport+1, "\n\t ");
+ }
 }
 void* file_raw(char *path, uint32_t *size)
--
cgit v1.2.3
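Review bot: On the new side of this hunk, `lport` in parse_local_port_forward and `host` in parse_pipe_port_forward are read with no visible assignment: the `strtok(string, ":@")` calls that set them are removed, while the added code still calls `atoi(lport)` and the kept context tests `!host`, so both reads are of indeterminate pointers. parse_pipe_port_forward also no longer uses its `string` argument and relies on `strtok(NULL, "")` continuing a scan that nothing in the hunk starts; each function should tokenize its own input before use, for example by restoring `lport = strtok(string, ":@");` and guarding it with `if(!lport || !(*local_port = atoi(lport)))`. Separately, `*remote_port < 65535` rejects the valid port 65535 and should be `*remote_port <= 65535`; and because `atoi` accepts trailing junk (as the added comment notes), `strtol` with an end-pointer check would give a strict parse if these results gate forwarding rules. Callers that still test the old `0 = success` return are outside this diff and need to be checked against the new `true = success` convention, otherwise a parse failure could be taken for success.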