libcmle documentation

(c) 2008 Steffen Wendzel (steffen (at) ploetner-it (dot) de)

file version 0.1, last edit: mon-21-jan, 23:13, by: swendzel

libcmle regular expressions

libcmle provides easy-to-use regular expression functions based on the regex library of your system. libcmle uses them to provide allow and deny rules for the char * (C string) variables in your code.

Syntax

These functions deny or allow values in str if they match the expression expr.

int _mstrdeny(char *expr, char *str, int flags);
int _mstrallow(char *expr, char *str, int flags);

Both functions will return CMLE_SUCCESS if the value of str is not denied/is allowed. _mstrdeny allows only values that DO NOT match expr, _mstrallow allows only values that DO MATCH expr.

This means that _mstrallow is the inverse of _mstrdeny. Accordingly, _mstrallow is implemented by calling _mstrdeny and inverting its return value.

RETURN VALUES

If the given value is not denied (=allowed), both functions return CMLE_SUCCESS. If the value is denied (=not allowed) both functions will return CMLE_FEXPR (= "found expression").

FLAGS

flags accepts only one value. In the normal case you can set it to 0, which has no effect; the caller then has to check the return value itself. It also accepts the CMLE_KILLAPP value, which kills the process if a value is denied/not allowed.

Example

Let's say a webserver accepts a GET request with a path the client wants to access. The path is stored in a variable called path, and you want to make sure that it doesn't contain "..", because that would make it possible for the client to request files like "../../../etc/passwd", which is a huge security hole!

#include <iostream>
#include <libcmle.h>

/* Placeholder for the code that really opens the path and sends
 * its content back to the client
 */
void
do_something(char *path)
{
	std::cout << "opening " << path << std::endl;
}

/* This is your function that opens the path and sends back its
 * content to the client
 */
void
open_my_path(char *path)
{
	/* here we call _mstrdeny() to check if the path contains "..".
	 * We let libcmle kill this process (let's say it is only a child
	 * forked for this connection and we don't care about it) ... */
	_mstrdeny("\\.\\.", path, CMLE_KILLAPP);

	/* okay, if the process is still alive: do something cool ... */
	do_something(path);
}

int
main()
{
	/* try to open the "/../etc/X11" dir */
	open_my_path("/../etc/X11");
	return 0;
}

The output will look like this:

$ ./test
_m_int_killregex: forbidden regular expression '/../etc/X11' found. killing app for security reasons.

Of course, you could use the usual regular expression functions directly (libcmle does so behind the scenes), but this is less code and even easier to use.
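
For comparison, the same deny/allow semantics written directly against the POSIX regex functions. This is an added example, not libcmle's own code: the demo_* names, the DEMO_* values and the use of REG_EXTENDED are assumptions. It also shows why an allow rule whose character set includes '.' still needs the ".." deny rule next to it.

```c
/* Added example: POSIX regex version of the deny/allow checks.
 * All demo_* names and DEMO_* values are hypothetical, not libcmle's. */
#include <regex.h>
#include <stdio.h>

#define DEMO_SUCCESS 0   /* value is not denied / is allowed */
#define DEMO_FEXPR   1   /* "found expression": value is denied */
#define DEMO_ERROR  -1   /* expression did not compile */

/* Deny str if it matches expr. */
int demo_strdeny(const char *expr, const char *str)
{
	regex_t re;
	int rc;

	if (regcomp(&re, expr, REG_EXTENDED | REG_NOSUB) != 0)
		return DEMO_ERROR;      /* callers must treat this as denied */
	rc = regexec(&re, str, 0, NULL, 0);
	regfree(&re);
	return rc == 0 ? DEMO_FEXPR : DEMO_SUCCESS;
}

/* Allow str only if it matches expr: the deny result, inverted. */
int demo_strallow(const char *expr, const char *str)
{
	int rc = demo_strdeny(expr, str);

	if (rc == DEMO_ERROR)
		return DEMO_ERROR;
	return rc == DEMO_FEXPR ? DEMO_SUCCESS : DEMO_FEXPR;
}

/* Path check combining both rules; returns 1 if the path may be opened. */
int demo_path_ok(const char *path)
{
	/* allow rule: absolute path built from a conservative character set */
	if (demo_strallow("^/[A-Za-z0-9_./-]*$", path) != DEMO_SUCCESS)
		return 0;
	/* deny rule: no ".." anywhere (the allow rule alone permits dots) */
	return demo_strdeny("\\.\\.", path) == DEMO_SUCCESS;
}

int main(void)
{
	const char *samples[] = { "/index.html", "/../etc/X11", "/a b" }; /* constructed */
	for (int i = 0; i < 3; i++)
		printf("%-14s %s\n", samples[i], demo_path_ok(samples[i]) ? "ok" : "denied");
	return 0;
}
```

Run the check on the path exactly as it will be passed to the file system, after any decoding the server performs.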