klibc-bot for Ben Hutchings
2024-Mar-21 22:36 UTC
[klibc] [klibc:master] inet: Stricter IPv6 field parsing in inet_pton()
Commit-ID: 7359f104c202a6e36212324cdd5aba7964737e9d Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=7359f104c202a6e36212324cdd5aba7964737e9d Author: Ben Hutchings <ben at decadent.org.uk> AuthorDate: Thu, 21 Mar 2024 23:12:47 +0100 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Thu, 21 Mar 2024 23:30:45 +0100 [klibc] inet: Stricter IPv6 field parsing in inet_pton() We currently don't range-check the fields of an IPv6 address, so the following strings are wrongly accepted: "10000::" "::10000" Since we currently only support hexadecimal fields, implement the range check by limiting the number of digits to 4. Signed-off-by: Ben Hutchings <ben at decadent.org.uk> --- usr/klibc/inet/inet_pton.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/usr/klibc/inet/inet_pton.c b/usr/klibc/inet/inet_pton.c index a319506a..19706ce0 100644 --- a/usr/klibc/inet/inet_pton.c +++ b/usr/klibc/inet/inet_pton.c @@ -32,7 +32,7 @@ int inet_pton(int af, const char *src, void *dst) case AF_INET6: { struct in6_addr *d = (struct in6_addr *)dst; - int colons = 0, dcolons = 0; + int colons = 0, dcolons = 0, digits = 0; int i; const char *p; @@ -43,7 +43,9 @@ int inet_pton(int af, const char *src, void *dst) colons++; if (p[1] == ':') dcolons++; - } else if (!isxdigit((unsigned char)*p)) + digits = 0; + } else if (!isxdigit((unsigned char)*p) + || ++digits > 4) return 0; /* Invalid address */ }
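Review bot: In the second hunk, the `|| ++digits > 4` condition is the only range check for a field, but the reason is recorded only in the commit message. A one-line comment at that condition would keep the invariant next to the code: at most four hex digits bounds each field to 16 bits, and the limit has to be revisited if non-hexadecimal fields are ever supported. The increment also sits inside the `||`, so `digits` advances only when `isxdigit()` has already succeeded. That is correct as written, but it depends on short-circuit evaluation and on the `digits = 0;` reset in the ':' branch above it. Moving the count into its own statement after the `isxdigit()` test would make the per-field counting easier to audit. The two strings named in the commit message, "10000::" and "::10000", would make good regression cases alongside this change.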