Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Dec 2016 11:41:17 +0000 (UTC)
From:      Ngie Cooper <ngie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r310501 - head/contrib/bsnmp/lib
Message-ID:  <201612241141.uBOBfHYw091518@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ngie
Date: Sat Dec 24 11:41:16 2016
New Revision: 310501
URL: https://svnweb.freebsd.org/changeset/base/310501

Log:
  Be more strict about IpAddress type in snmp_value_parse(..)
  
  - Use inet_pton with AF_INET instead of doing longhand with sscanf.
  - Use gethostbyname2 with AF_INET to ensure that the hostname isn't
    accidentally parsed with another address family, e.g. AF_INET6.
  
  NB: IpAddress per RFC-2578 is IPv4 only. Work is in progress to add
      the InetAddress type and friends documented in RFC-4001 and
      elsewhere (which supports IPv4, IPv6, and more).
  
  MFC after:	2 weeks

Modified:
  head/contrib/bsnmp/lib/snmp.c

Modified: head/contrib/bsnmp/lib/snmp.c
==============================================================================
--- head/contrib/bsnmp/lib/snmp.c	Sat Dec 24 11:30:24 2016	(r310500)
+++ head/contrib/bsnmp/lib/snmp.c	Sat Dec 24 11:41:16 2016	(r310501)
@@ -51,6 +51,8 @@
 #elif defined(HAVE_INTTYPES_H)
 #include <inttypes.h>
 #endif
+#include <netinet/in.h>
+#include <arpa/inet.h>
 
 #include "asn1.h"
 #include "snmp.h"
@@ -1384,29 +1386,16 @@ snmp_value_parse(const char *str, enum s
 	  case SNMP_SYNTAX_IPADDRESS:
 	    {
 		struct hostent *he;
-		u_long ip[4];
-		int n;
 
-		if (sscanf(str, "%lu.%lu.%lu.%lu%n", &ip[0], &ip[1], &ip[2],
-		    &ip[3], &n) == 4 && (size_t)n == strlen(str) &&
-		    ip[0] <= 0xff && ip[1] <= 0xff &&
-		    ip[2] <= 0xff && ip[3] <= 0xff) {
-			v->ipaddress[0] = (u_char)ip[0];
-			v->ipaddress[1] = (u_char)ip[1];
-			v->ipaddress[2] = (u_char)ip[2];
-			v->ipaddress[3] = (u_char)ip[3];
+		if (inet_pton(AF_INET, str, &v->ipaddress) == 1)
 			return (0);
-		}
-
-		if ((he = gethostbyname(str)) == NULL)
+		if ((he = gethostbyname2(str, AF_INET)) == NULL)
 			return (-1);
 		if (he->h_addrtype != AF_INET)
 			return (-1);
 
-		v->ipaddress[0] = he->h_addr[0];
-		v->ipaddress[1] = he->h_addr[1];
-		v->ipaddress[2] = he->h_addr[2];
-		v->ipaddress[3] = he->h_addr[3];
+		memcpy(v->ipaddress, he->h_addr, sizeof(v->ipaddress));
+
 		return (0);
 	    }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612241141.uBOBfHYw091518>