Date: Mon, 22 Jan 2007 14:45:27 GMT From: Yong Tang<yong.599@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/108211: potentially a bug for inet_aton in sys/netinet/libalias/alias_proxy.c Message-ID: <200701221445.l0MEjRFA090791@www.freebsd.org> Resent-Message-ID: <200701221450.l0MEoImf057265@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 108211
>Category: misc
>Synopsis: potentially a bug for inet_aton in sys/netinet/libalias/alias_proxy.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 22 14:50:18 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Yong Tang
>Release: 6.1
>Organization:
Sunbelt Software
>Environment:
>Description:
In sys/netinet/libalias/alias_proxy.c,
The following code exist.
158 #ifdef _KERNEL
159 static int
160 inet_aton(cp, addr)
161 const char *cp;
162 struct in_addr *addr;
163 {
180 l = strtoul(c, &endptr, 0);
181
182 if (l == ULONG_MAX || l == 0)
183 return (0);
However, if the input cp is "0.0.0.0", then it seems this function will return (0) which is considered as an error.
The reason is because 180:
l = strtoul(c, &endptr, 0);
l will return a 0 when the c is "0".
Not quite sure if this is done purposely in FreeBSD but I have never experience similiar cases in other unix-platforms.
Possible solution:
change
182 (l == ULONG_MAX || l == 0)
into
182 (l == ULONG_MAX || (l == 0 && (endptr == c))
>How-To-Repeat:
review the code 180-182 in sys/netinet/libalias/alias_proxy.c
>Fix:
Possible solution:
change
182 (l == ULONG_MAX || l == 0)
into
182 (l == ULONG_MAX || (l == 0 && (endptr == c))
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701221445.l0MEjRFA090791>