From 37d9ce1d4544050396b44a1a1ba94429cb86267a Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Fri, 22 May 2015 13:27:02 +0000
Subject: do not generate wildcard '.' transitions in policy regex, be precise

---
 src/tun/regex.c | 17 +++++++++++------
 src/tun/test_regex.c | 23 ++++++++++++++---------
 2 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/src/tun/regex.c b/src/tun/regex.c
index 25bd9fbf8..5c8897491 100644
--- a/src/tun/regex.c
+++ b/src/tun/regex.c
@@ -1,6 +1,6 @@
 /*
 This file is part of GNUnet
- Copyright (C) 2012, 2013 Christian Grothoff (and other contributing authors)
+ Copyright (C) 2012, 2013, 2015 Christian Grothoff (and other contributing authors)

 GNUnet is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published
@@ -27,6 +27,11 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_tun_lib.h"

+/**
+ * 'wildcard', matches all possible values (for HEX encoding).
+ */
+#define DOT "(0|1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"
+

 /**
 * Create a regex in @a rxstr from the given @a ip and @a netmask.
@@ -92,7 +97,7 @@ nibble_to_regex (uint8_t value,
 switch (mask)
 {
 case 0:
- return GNUNET_strdup ("."); /* wildcard */
+ return GNUNET_strdup (DOT);
 case 8:
 GNUNET_asprintf (&ret,
 "(%X|%X|%X|%X|%X|%X|%X|%X)",
@@ -236,7 +241,7 @@ compute_policy (unsigned int start,
 char middlehp[33+2]; /* 16 * 2 + 0-terminator + () */
 char middlelp[33+2]; /* 16 * 2 + 0-terminator + () */
 char afterp[36+2]; /* 16 * 2 + 3 dots + 0-terminator + () */
- char dots[4];
+ char dots[5 * strlen (DOT)];
 char buf[3];
 char *middle;
 char *ret;
@@ -311,7 +316,7 @@ compute_policy (unsigned int start,
 strcpy (afterp, after);
 dots[0] = '\0';
 for (xstep=step/16;xstep>0;xstep/=16)
- strcat (dots, ".");
+ strcat (dots, DOT);
 if (step >= 16)
 {
 if (strlen (middlel) > 0)
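Review bot: In the `compute_policy` declarations hunk, `char dots[5 * strlen (DOT)];` leaves no room for the terminating NUL if five copies of `DOT` are ever appended, and because `strlen` is not a constant expression it is formally a variable-length array. The `strcat (dots, DOT)` loop in the next hunk is bounded only by `step`, whose range is set outside the visible lines, so the capacity should be a compile-time constant that includes the terminator, e.g. `char dots[5 * sizeof (DOT)];`, ideally with an assertion on the iteration count. The neighbouring `afterp[36+2]` is still commented as sized for "3 dots" of one byte each; if the multi-byte wildcard is ever copied into those fixed buffers (not visible here) they need the same re-sizing. The body of `compute_policy` starts and ends outside both hunks.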
@@ -516,7 +521,7 @@ port_to_regex (const struct GNUNET_STRINGS_PortPolicy *pp)
 ( (1 == pp->start_port) &&
 (0xFFFF == pp->end_port) &&
 (GNUNET_NO == pp->negate_portrange)) )
- return GNUNET_strdup ("....");
+ return GNUNET_strdup (DOT DOT DOT DOT);
 if ( (pp->start_port == pp->end_port) &&
 (GNUNET_NO == pp->negate_portrange))
 {
@@ -685,7 +690,7 @@ ipv6_to_regex (const struct GNUNET_STRINGS_IPv6NetworkPolicy *v6)
 * Convert an exit policy to a regular expression. The exit policy
 * specifies a set of subnets this peer is willing to serve as an
 * exit for; the resulting regular expression will match the
- * IPv4 address strings as returned by 'GNUNET_TUN_ipv4toregexsearch'.
+ * IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch().
 *
 * @param policy exit policy specification
 * @return regular expression, NULL on error
diff --git a/src/tun/test_regex.c b/src/tun/test_regex.c
index 162a73b4b..f3cf7f7e1 100644
--- a/src/tun/test_regex.c
+++ b/src/tun/test_regex.c
@@ -25,6 +25,11 @@
 #include "platform.h"
 #include "gnunet_tun_lib.h"

+/**
+ * 'wildcard', matches all possible values (for HEX encoding).
+ */
+#define DOT "(0|1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"
+

 static int
 test_iptoregex (const char *ipv4,
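Review bot: The `DOT` macro added at the top of src/tun/test_regex.c is a second, hand-copied definition of the one in src/tun/regex.c, and nothing on either copy says that the other exists. A comment on both, such as `/* keep in sync with DOT in src/tun/regex.c */` (and the reverse in regex.c), or a single definition in a header both files include, would make the coupling explicit. The doc comment could also say why a literal alternation is used instead of `.`, since that is the point of the commit and is not recorded in the code.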
@@ -144,31 +149,31 @@ main (int argc, char *argv[])
 "6-0031-E1E173F951BE00000000000000000000");
 error +=
 test_policy4toregex ("192.1.2.0/24:80;",
- "4-0050-C00102..");
+ "4-0050-C00102" DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/16;",
- "4-....-C001....");
+ "4-" DOT DOT DOT DOT "-C001" DOT DOT DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/16:80-81;",
- "4-(0050|0051)-C001....");
+ "4-(0050|0051)-C001" DOT DOT DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/8:!3-65535;",
- "4-000(0|1|2)-C0......");
+ "4-000(0|1|2)-C0" DOT DOT DOT DOT DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/8:!25-56;",
- "4-(0(0(0.|1(0|1|2|3|4|5|6|7|8)|3(9|A|B|C|D|E|F)|(4|5|6|7|8|9|A|B|C|D|E|F).)|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)..)|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)...)-C0......");
+ "4-(0(0(0"DOT"|1(0|1|2|3|4|5|6|7|8)|3(9|A|B|C|D|E|F)|(4|5|6|7|8|9|A|B|C|D|E|F)"DOT")|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"DOT DOT")|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"DOT DOT DOT")-C0"DOT DOT DOT DOT DOT DOT);
 error +=
 test_policy6toregex ("E1E1::1;",
- "6-....-E1E10000000000000000000000000001");
+ "6-"DOT DOT DOT DOT"-E1E10000000000000000000000000001");
 error +=
 test_policy6toregex ("E1E1:ABCD::1/120;",
- "6-....-E1E1ABCD0000000000000000000000..");
+ "6-"DOT DOT DOT DOT"-E1E1ABCD0000000000000000000000" DOT DOT);
 error +=
 test_policy6toregex ("E1E1:ABCD::ABCD/126;",
- "6-....-E1E1ABCD00000000000000000000ABC(C|D|E|F)");
+ "6-"DOT DOT DOT DOT"-E1E1ABCD00000000000000000000ABC(C|D|E|F)");
 error +=
 test_policy6toregex ("E1E1:ABCD::ABCD/127;",
- "6-....-E1E1ABCD00000000000000000000ABC(C|D)");
+ "6-"DOT DOT DOT DOT"-E1E1ABCD00000000000000000000ABC(C|D)");
 error +=
 test_policy6toregex ("E1E1:ABCD::ABCD/128:80;",
 "6-0050-E1E1ABCD00000000000000000000ABCD");
-- 
cgit v1.2.3
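Review bot: The new expected strings in `main` mix the spaced form `"4-" DOT DOT` with the unspaced `"6-"DOT DOT DOT DOT"-E1E1…"` form, and the unspaced form is the one used in the long `!25-56` expectation, where the literal boundaries are hardest to see. Writing every concatenation with a space between the literal and the macro, e.g. `"6-" DOT DOT DOT DOT "-E1E10000000000000000000000000001"`, keeps the hunk consistent and avoids the literal-suffix parse that `"6-"DOT` gets if the file is ever compiled as C++11. `main` starts and continues outside the hunk.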