nat: Bail out if the regexp fails to compile and avoid a crash
If the regexp fails to compile the internal dfa is NULL and a
regexec will crash nicely. Fail and free the string if the regexp
fails to compile.
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
index f83289b..4258364 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_utils.c
@@ -606,8 +606,11 @@
}
}
-void bsc_parse_reg(void *ctx, regex_t *reg, char **imsi, int argc, const char **argv)
+int bsc_parse_reg(void *ctx, regex_t *reg, char **imsi, int argc, const char **argv)
{
+ int ret;
+
+ ret = 0;
if (*imsi) {
talloc_free(*imsi);
*imsi = NULL;
@@ -616,8 +619,16 @@
if (argc > 0) {
*imsi = talloc_strdup(ctx, argv[0]);
- regcomp(reg, argv[0], 0);
+ ret = regcomp(reg, argv[0], 0);
+
+ /* handle compilation failures */
+ if (ret != 0) {
+ talloc_free(*imsi);
+ *imsi = NULL;
+ }
}
+
+ return ret;
}
static const char *con_types [] = {
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
index 3158f34..3a5068e 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_vty.c
@@ -467,7 +467,8 @@
"Set the USSD query to match with the ussd-list-name\n"
"The query to match")
{
- bsc_parse_reg(_nat, &_nat->ussd_query_re, &_nat->ussd_query, argc, argv);
+ if (bsc_parse_reg(_nat, &_nat->ussd_query_re, &_nat->ussd_query, argc, argv) != 0)
+ return CMD_WARNING;
return CMD_SUCCESS;
}
@@ -580,7 +581,8 @@
if (!entry)
return CMD_WARNING;
- bsc_parse_reg(acc, &entry->imsi_allow_re, &entry->imsi_allow, argc - 1, &argv[1]);
+ if (bsc_parse_reg(acc, &entry->imsi_allow_re, &entry->imsi_allow, argc - 1, &argv[1]) != 0)
+ return CMD_WARNING;
return CMD_SUCCESS;
}
@@ -602,7 +604,8 @@
if (!entry)
return CMD_WARNING;
- bsc_parse_reg(acc, &entry->imsi_deny_re, &entry->imsi_deny, argc - 1, &argv[1]);
+ if (bsc_parse_reg(acc, &entry->imsi_deny_re, &entry->imsi_deny, argc - 1, &argv[1]) != 0)
+ return CMD_WARNING;
return CMD_SUCCESS;
}
@@ -710,7 +713,8 @@
char *str = NULL;
memset(®, 0, sizeof(reg));
- bsc_parse_reg(_nat, ®, &str, 1, argv);
+ if (bsc_parse_reg(_nat, ®, &str, 1, argv) != 0)
+ return CMD_WARNING;
vty_out(vty, "String matches allow pattern: %d%s",
regexec(®, argv[1], 0, NULL, 0) == 0, VTY_NEWLINE);