From 51c4e451db10317616e557a7aa7922bababa77d5 Mon Sep 17 00:00:00 2001 From: Szabolcs Nagy Date: Tue, 22 Oct 2013 12:28:17 +0000 Subject: fix __ipparse to parse the generic numbers-and-dots IPv4 format correctly * allow at most 4 parts * bounds check the parts correctly * disallow leading whitespace and sign * check the address family before falling back to IPv6 --- src/network/__ipparse.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/network/__ipparse.c b/src/network/__ipparse.c index b0647aac..2480265b 100644 --- a/src/network/__ipparse.c +++ b/src/network/__ipparse.c @@ -1,27 +1,31 @@ #include #include +#include #include #include #include #include "__dns.h" -#include int __ipparse(void *dest, int family, const char *s0) { const char *s = s0; unsigned char *d = dest; unsigned long a[16] = { 0 }; - const char *z; + char *z; int i; if (family == AF_INET6) goto not_v4; for (i=0; i<4; i++) { - a[i] = strtoul(s, (char **)&z, 0); - if (z==s || (*z && *z != '.')) goto not_v4; + a[i] = strtoul(s, &z, 0); + if (z==s || (*z && *z != '.') || !isdigit(*s)) { + if (family == AF_INET) return -1; + goto not_v4; + } if (!*z) break; s=z+1; } + if (i==4) return -1; switch (i) { case 0: a[1] = a[0] & 0xffffff; @@ -35,7 +39,10 @@ int __ipparse(void *dest, int family, const char *s0) } ((struct sockaddr_in *)d)->sin_family = AF_INET; d = (void *)&((struct sockaddr_in *)d)->sin_addr; - for (i=0; i<4; i++) d[i] = a[i]; + for (i=0; i<4; i++) { + if (a[i] > 255) return -1; + d[i] = a[i]; + } return 0; not_v4: -- cgit v1.2.3-70-g09d2