misc/108211: potentially a bug for inet_aton in
sys/netinet/libalias/alias_proxy.c
Yong Tang
yong.599 at gmail.com
Mon Jan 22 14:50:19 UTC 2007
>Number: 108211
>Category: misc
>Synopsis: potentially a bug for inet_aton in sys/netinet/libalias/alias_proxy.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 22 14:50:18 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Yong Tang
>Release: 6.1
>Organization:
Sunbelt Software
>Environment:
>Description:
In sys/netinet/libalias/alias_proxy.c,
The following code exist.
158 #ifdef _KERNEL
159 static int
160 inet_aton(cp, addr)
161 const char *cp;
162 struct in_addr *addr;
163 {
180 l = strtoul(c, &endptr, 0);
181
182 if (l == ULONG_MAX || l == 0)
183 return (0);
However, if the input cp is "0.0.0.0", then it seems this function will return (0) which is considered as an error.
The reason is because 180:
l = strtoul(c, &endptr, 0);
l will return a 0 when the c is "0".
Not quite sure if this is done purposely in FreeBSD but I have never experience similiar cases in other unix-platforms.
Possible solution:
change
182 (l == ULONG_MAX || l == 0)
into
182 (l == ULONG_MAX || (l == 0 && (endptr == c))
>How-To-Repeat:
review the code 180-182 in sys/netinet/libalias/alias_proxy.c
>Fix:
Possible solution:
change
182 (l == ULONG_MAX || l == 0)
into
182 (l == ULONG_MAX || (l == 0 && (endptr == c))
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list