Commit 446f4815 authored by Mark Andrews's avatar Mark Andrews
Browse files

1844. [bug] inet_pton() accepted more that 4 hexadecimal digits

                        for each 16 bit piece of the IPv6 address.  The text
                        representation of a IPv6 address has been tighted
                        to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
                        [RT #5662]
parent 0f222d32
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
*/ */
#if defined(LIBC_SCCS) && !defined(lint) #if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$Id: lwinetpton.c,v 1.7 2004/03/05 05:12:46 marka Exp $"; static char rcsid[] = "$Id: lwinetpton.c,v 1.8 2005/03/31 07:12:12 marka Exp $";
#endif /* LIBC_SCCS and not lint */ #endif /* LIBC_SCCS and not lint */
#include <config.h> #include <config.h>
...@@ -129,7 +129,7 @@ inet_pton6(const char *src, unsigned char *dst) { ...@@ -129,7 +129,7 @@ inet_pton6(const char *src, unsigned char *dst) {
xdigits_u[] = "0123456789ABCDEF"; xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok; const char *xdigits, *curtok;
int ch, saw_xdigit; int ch, seen_xdigits;
unsigned int val; unsigned int val;
memset((tp = tmp), '\0', NS_IN6ADDRSZ); memset((tp = tmp), '\0', NS_IN6ADDRSZ);
...@@ -140,7 +140,7 @@ inet_pton6(const char *src, unsigned char *dst) { ...@@ -140,7 +140,7 @@ inet_pton6(const char *src, unsigned char *dst) {
if (*++src != ':') if (*++src != ':')
return (0); return (0);
curtok = src; curtok = src;
saw_xdigit = 0; seen_xdigits = 0;
val = 0; val = 0;
while ((ch = *src++) != '\0') { while ((ch = *src++) != '\0') {
const char *pch; const char *pch;
...@@ -150,14 +150,13 @@ inet_pton6(const char *src, unsigned char *dst) { ...@@ -150,14 +150,13 @@ inet_pton6(const char *src, unsigned char *dst) {
if (pch != NULL) { if (pch != NULL) {
val <<= 4; val <<= 4;
val |= (pch - xdigits); val |= (pch - xdigits);
if (val > 0xffff) if (++seen_xdigits > 4)
return (0); return (0);
saw_xdigit = 1;
continue; continue;
} }
if (ch == ':') { if (ch == ':') {
curtok = src; curtok = src;
if (!saw_xdigit) { if (!seen_xdigits) {
if (colonp) if (colonp)
return (0); return (0);
colonp = tp; colonp = tp;
...@@ -167,19 +166,19 @@ inet_pton6(const char *src, unsigned char *dst) { ...@@ -167,19 +166,19 @@ inet_pton6(const char *src, unsigned char *dst) {
return (0); return (0);
*tp++ = (unsigned char) (val >> 8) & 0xff; *tp++ = (unsigned char) (val >> 8) & 0xff;
*tp++ = (unsigned char) val & 0xff; *tp++ = (unsigned char) val & 0xff;
saw_xdigit = 0; seen_xdigits = 0;
val = 0; val = 0;
continue; continue;
} }
if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) { inet_pton4(curtok, tp) > 0) {
tp += NS_INADDRSZ; tp += NS_INADDRSZ;
saw_xdigit = 0; seen_xdigits = 0;
break; /* '\0' was seen by inet_pton4(). */ break; /* '\0' was seen by inet_pton4(). */
} }
return (0); return (0);
} }
if (saw_xdigit) { if (seen_xdigits) {
if (tp + NS_INT16SZ > endp) if (tp + NS_INT16SZ > endp)
return (0); return (0);
*tp++ = (unsigned char) (val >> 8) & 0xff; *tp++ = (unsigned char) (val >> 8) & 0xff;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment