Commit 446f4815 authored by Mark Andrews's avatar Mark Andrews
Browse files

1844. [bug] inet_pton() accepted more that 4 hexadecimal digits

                        for each 16 bit piece of the IPv6 address.  The text
                        representation of a IPv6 address has been tighted
                        to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
                        [RT #5662]
parent 0f222d32
......@@ -16,7 +16,7 @@
*/
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$Id: lwinetpton.c,v 1.7 2004/03/05 05:12:46 marka Exp $";
static char rcsid[] = "$Id: lwinetpton.c,v 1.8 2005/03/31 07:12:12 marka Exp $";
#endif /* LIBC_SCCS and not lint */
#include <config.h>
......@@ -129,7 +129,7 @@ inet_pton6(const char *src, unsigned char *dst) {
xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
int ch, saw_xdigit;
int ch, seen_xdigits;
unsigned int val;
memset((tp = tmp), '\0', NS_IN6ADDRSZ);
......@@ -140,7 +140,7 @@ inet_pton6(const char *src, unsigned char *dst) {
if (*++src != ':')
return (0);
curtok = src;
saw_xdigit = 0;
seen_xdigits = 0;
val = 0;
while ((ch = *src++) != '\0') {
const char *pch;
......@@ -150,14 +150,13 @@ inet_pton6(const char *src, unsigned char *dst) {
if (pch != NULL) {
val <<= 4;
val |= (pch - xdigits);
if (val > 0xffff)
if (++seen_xdigits > 4)
return (0);
saw_xdigit = 1;
continue;
}
if (ch == ':') {
curtok = src;
if (!saw_xdigit) {
if (!seen_xdigits) {
if (colonp)
return (0);
colonp = tp;
......@@ -167,19 +166,19 @@ inet_pton6(const char *src, unsigned char *dst) {
return (0);
*tp++ = (unsigned char) (val >> 8) & 0xff;
*tp++ = (unsigned char) val & 0xff;
saw_xdigit = 0;
seen_xdigits = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) {
tp += NS_INADDRSZ;
saw_xdigit = 0;
seen_xdigits = 0;
break; /* '\0' was seen by inet_pton4(). */
}
return (0);
}
if (saw_xdigit) {
if (seen_xdigits) {
if (tp + NS_INT16SZ > endp)
return (0);
*tp++ = (unsigned char) (val >> 8) & 0xff;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment