8597553f96
- Support an arbitrary number of search domains (#168253) - Detect and apply /etc/resolv.conf changes in libresolv (#1374239) - CVE-2015-5180: DNS stub resolver crash with crafted record type (#1251403)
112 lines
3.1 KiB
Diff
112 lines
3.1 KiB
Diff
commit 9a0cc8c1bd7645bf3c988890ffb59639c07a5812
|
|
Author: Florian Weimer <fweimer@redhat.com>
|
|
Date: Fri Jun 23 22:51:00 2017 +0200
|
|
|
|
inet_pton: Reject IPv6 addresses with many leading zeros [BZ #16637]
|
|
|
|
2001:db8:00001::f is not a valid IPv6 address according to RFC 2373.
|
|
|
|
diff --git a/resolv/inet_pton.c b/resolv/inet_pton.c
|
|
index b95da47c17ef8afc..16ee33e0c0dfb015 100644
|
|
--- a/resolv/inet_pton.c
|
|
+++ b/resolv/inet_pton.c
|
|
@@ -144,7 +144,8 @@ inet_pton6 (const char *src, const char *src_endp, unsigned char *dst)
|
|
{
|
|
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
|
|
const char *curtok;
|
|
- int ch, saw_xdigit;
|
|
+ int ch;
|
|
+ size_t xdigits_seen; /* Number of hex digits since colon. */
|
|
unsigned int val;
|
|
|
|
tp = memset (tmp, '\0', NS_IN6ADDRSZ);
|
|
@@ -162,7 +163,7 @@ inet_pton6 (const char *src, const char *src_endp, unsigned char *dst)
|
|
}
|
|
|
|
curtok = src;
|
|
- saw_xdigit = 0;
|
|
+ xdigits_seen = 0;
|
|
val = 0;
|
|
while (src < src_endp)
|
|
{
|
|
@@ -170,17 +171,19 @@ inet_pton6 (const char *src, const char *src_endp, unsigned char *dst)
|
|
int digit = hex_digit_value (ch);
|
|
if (digit >= 0)
|
|
{
|
|
+ if (xdigits_seen == 4)
|
|
+ return 0;
|
|
val <<= 4;
|
|
val |= digit;
|
|
if (val > 0xffff)
|
|
return 0;
|
|
- saw_xdigit = 1;
|
|
+ ++xdigits_seen;
|
|
continue;
|
|
}
|
|
if (ch == ':')
|
|
{
|
|
curtok = src;
|
|
- if (!saw_xdigit)
|
|
+ if (xdigits_seen == 0)
|
|
{
|
|
if (colonp)
|
|
return 0;
|
|
@@ -193,7 +196,7 @@ inet_pton6 (const char *src, const char *src_endp, unsigned char *dst)
|
|
return 0;
|
|
*tp++ = (unsigned char) (val >> 8) & 0xff;
|
|
*tp++ = (unsigned char) val & 0xff;
|
|
- saw_xdigit = 0;
|
|
+ xdigits_seen = 0;
|
|
val = 0;
|
|
continue;
|
|
}
|
|
@@ -201,12 +204,12 @@ inet_pton6 (const char *src, const char *src_endp, unsigned char *dst)
|
|
&& inet_pton4 (curtok, src_endp, tp) > 0)
|
|
{
|
|
tp += NS_INADDRSZ;
|
|
- saw_xdigit = 0;
|
|
+ xdigits_seen = 0;
|
|
break; /* '\0' was seen by inet_pton4. */
|
|
}
|
|
return 0;
|
|
}
|
|
- if (saw_xdigit)
|
|
+ if (xdigits_seen > 0)
|
|
{
|
|
if (tp + NS_INT16SZ > endp)
|
|
return 0;
|
|
diff --git a/resolv/tst-inet_pton.c b/resolv/tst-inet_pton.c
|
|
index 7fffb24cdf9eb1f4..4bb9f8119378b467 100644
|
|
--- a/resolv/tst-inet_pton.c
|
|
+++ b/resolv/tst-inet_pton.c
|
|
@@ -226,13 +226,7 @@ const struct test_case test_cases[] =
|
|
},
|
|
{.input = "2", },
|
|
{.input = "2.", },
|
|
- {.input = "2001:db8:00001::f",
|
|
- .ipv6_ok = true,
|
|
- .ipv6_expected = {
|
|
- 0x20, 0x1, 0xd, 0xb8, 0x0, 0x1, 0x0, 0x0,
|
|
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf
|
|
- },
|
|
- },
|
|
+ {.input = "2001:db8:00001::f", },
|
|
{.input = "2001:db8:10000::f", },
|
|
{.input = "2001:db8:1234:5678:abcd:ef01:2345:67",
|
|
.ipv6_ok = true,
|
|
@@ -454,13 +448,7 @@ const struct test_case test_cases[] =
|
|
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0
|
|
},
|
|
},
|
|
- {.input = "::00001",
|
|
- .ipv6_ok = true,
|
|
- .ipv6_expected = {
|
|
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
|
|
- 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1
|
|
- },
|
|
- },
|
|
+ {.input = "::00001", },
|
|
{.input = "::1",
|
|
.ipv6_ok = true,
|
|
.ipv6_expected = {
|