[radvd-devel-l] string type in radvd scanner.l

[Reuben Hawkins]

On Thu, May 5, 2011 at 3:13 PM, Mark Smith
<radvd at 02a76c927861ca7413a122f2a73a0d37.nosense.org> wrote:
> On Thu, 5 May 2011 10:30:00 -0700
> Reuben Hawkins <reubenhwk at gmail.com> wrote:
>
>> Hi All,
>>
>> This is what the radvd scanner considers a string (for interface names
>> and dnssl)...
>>
>> string          [a-zA-Z0-9`~!@#$%\^&*()_\-+=:\[\]<>,\.?\\]{1,255}
>>
>> Does it really need to be so complex?  This change was added October
>> 14, 2008 with the commit message... "Accept virtually any interface
>> name (up to 15 chars) instead of forcing a specific naming
>> convention." and it was defined as...
>>
>> string    [a-z]([a-z:._-]|{digit})*([:.]{digit}+)?
>>
>> As it is now, scanner.o is 369K (on my machine), but with the older
>> version of string, scanner.o is 68K.  The rest of radvd is only 157K.
>> The more complex version of string increases the size of radvd by a
>> factor of three.  Is this really needed?  Can somebody come up with
>> something simpler which will provide a decent trade-off?
>>
>
> What would the risk be of accepting any string at all, and then passing
> it to the system routines that match interface names? Isn't the use of
> interface names an exact match lookup, so either the string supplied
> either matches a host interface name or doesn't, and therefore a
> interface name with any incorrect characters (regardless of what they
> are) would fail and understandably fail?
>
> (I too have been wondering why scanner.o is so large.)
>
> Regards,
> Mark.
>


Problem solved with this patch (which is already committed to CVS)...

-string		[a-zA-Z0-9`~!@#$%\^&*()_\-+=:\[\]<>,\.?\\]{1,255}
+string		[a-zA-Z0-9`~!@#$%\^&*()_\-+=:\[\]<>,\.?\\]+

scanner.o before patch: 362k
scanner.o after patch: 32k

both compiled with -Os

The string is trimmed to 255 chars (if over 255) and null terminated
in the string handling code already.