Commit 0559f745 authored by Michael Hanselmann's avatar Michael Hanselmann
Browse files

import/export: Limit max length of socat options


Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
parent acd65a16
......@@ -79,6 +79,8 @@ BUFSIZE = 1024 * 1024
SOCAT_TCP_OPTS = ["keepalive", "keepidle=60", "keepintvl=10", "keepcnt=5"]
SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=HIGH", "method=TLSv1"]
SOCAT_OPTION_MAXLEN = 400
(PROG_OTHER,
PROG_SOCAT,
PROG_DD,
......@@ -168,6 +170,10 @@ class CommandBuilder(object):
for i in [addr1, addr2]:
for value in i:
if len(value) > SOCAT_OPTION_MAXLEN:
raise errors.GenericError("Socat option longer than %s"
" characters: %r" %
(SOCAT_OPTION_MAXLEN, value))
if "," in value:
raise errors.GenericError("Comma not allowed in socat option"
" value: %r" % value)
......
......@@ -111,6 +111,25 @@ class TestCommandBuilder(unittest.TestCase):
builder = impexpd.CommandBuilder(mode, opts, 1, 2, 3)
self.assertRaises(errors.GenericError, builder.GetCommand)
def testOptionLengthError(self):
testopts = [
CmdBuilderConfig(bind="0.0.0.0" + ("A" * impexpd.SOCAT_OPTION_MAXLEN),
port=1234, ca="/tmp/ca"),
CmdBuilderConfig(host="localhost", port=1234,
ca="/tmp/ca" + ("B" * impexpd.SOCAT_OPTION_MAXLEN)),
CmdBuilderConfig(host="localhost", port=1234,
key="/tmp/key" + ("B" * impexpd.SOCAT_OPTION_MAXLEN)),
]
for opts in testopts:
for mode in [constants.IEM_IMPORT, constants.IEM_EXPORT]:
builder = impexpd.CommandBuilder(mode, opts, 1, 2, 3)
self.assertRaises(errors.GenericError, builder.GetCommand)
opts.host = "localhost" + ("A" * impexpd.SOCAT_OPTION_MAXLEN)
builder = impexpd.CommandBuilder(constants.IEM_EXPORT, opts, 1, 2, 3)
self.assertRaises(errors.GenericError, builder.GetCommand)
def testModeError(self):
mode = "foobarbaz"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment