Date: Mon, 22 Jan 2007 14:45:27 GMT
From: Yong Tang <yong.599@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/108211: potentially a bug for inet_aton in sys/netinet/libalias/alias_proxy.c
Message-ID: <200701221445.l0MEjRFA090791@www.freebsd.org>
Resent-Message-ID: <200701221450.l0MEoImf057265@freefall.freebsd.org>

>Number:         108211
>Category:       misc
>Synopsis:       potentially a bug for inet_aton in sys/netinet/libalias/alias_proxy.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 22 14:50:18 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Yong Tang
>Release:        6.1
>Organization:
Sunbelt Software
>Environment:
>Description:
In sys/netinet/libalias/alias_proxy.c, the following code exists.

158 #ifdef _KERNEL
159 static int
160 inet_aton(cp, addr)
161         const char *cp;
162         struct in_addr *addr;
163 {
180                 l = strtoul(c, &endptr, 0);
181
182                 if (l == ULONG_MAX || l == 0)
183                         return (0);

However, if the input cp is "0.0.0.0", then it seems this function will
return (0), which is considered an error.

The reason is line 180:

180:                 l = strtoul(c, &endptr, 0);

l will be 0 when c is "0".

Not quite sure if this is done purposely in FreeBSD, but I have never
experienced similar cases on other Unix platforms.

Possible solution: change
182 (l == ULONG_MAX || l == 0)
into
182 (l == ULONG_MAX || (l == 0 && (endptr == c)))
>How-To-Repeat:
Review the code at lines 180-182 in sys/netinet/libalias/alias_proxy.c
>Fix:
Possible solution: change
182 (l == ULONG_MAX || l == 0)
into
182 (l == ULONG_MAX || (l == 0 && (endptr == c)))
>Release-Note:
>Audit-Trail:
>Unformatted:
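
The distinction the report turns on, as an added example that is not part of the original report or the FreeBSD source: strtoul() returns 0 both for a valid "0" and when no digits were consumed, and only endptr tells the two apart. parse_quad() is a hypothetical, simplified userland dotted-quad parser (four parts, each at most 255), not libalias's inet_aton, and the sample addresses are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Check as quoted in the report: a parsed value of 0 is treated as failure. */
static int part_ok_reported(unsigned long l, const char *c, const char *endptr)
{
    (void)c; (void)endptr;
    return !(l == ULONG_MAX || l == 0);
}

/* Check as proposed in the report: 0 fails only if nothing was consumed. */
static int part_ok_proposed(unsigned long l, const char *c, const char *endptr)
{
    return !(l == ULONG_MAX || (l == 0 && endptr == c));
}

typedef int (*part_check)(unsigned long, const char *, const char *);

/* Hypothetical simplified parser: returns 1 and a host-order address, or 0. */
static int parse_quad(const char *cp, uint32_t *addr, part_check ok)
{
    uint32_t val = 0;
    const char *c = cp;
    for (int i = 0; i < 4; i++) {
        char *endptr;
        unsigned long l = strtoul(c, &endptr, 0);
        if (!ok(l, c, endptr) || l > 255)
            return 0;
        if (*endptr != (i < 3 ? '.' : '\0'))   /* expect '.' between parts */
            return 0;
        val = (val << 8) | (uint32_t)l;
        c = endptr + 1;
    }
    *addr = val;
    return 1;
}

int main(void)
{
    /* Constructed inputs: zero octets, a plain address, and an empty part. */
    const char *samples[] = { "0.0.0.0", "10.0.0.1", "192.168.1.7", "1..2.3" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t a = 0;
        printf("%-12s reported=%d proposed=%d\n", samples[i],
               parse_quad(samples[i], &a, part_ok_reported),
               parse_quad(samples[i], &a, part_ok_proposed));
    }
    return 0;
}
```

In this simplified parser the reported check rejects any address containing a zero octet, while the endptr comparison still rejects the empty part in "1..2.3".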