diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2024-03-21 23:12:47 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2024-03-21 23:30:45 +0100 |
commit | 7359f104c202a6e36212324cdd5aba7964737e9d (patch) | |
tree | 45a2bfe7126eb6c4e871832dc1e886c1cd3a23e5 | |
parent | d539458148cb998600b4596227cd52eb1ca930da (diff) |
We currently don't range-check the fields of an IPv6 address, so the
following strings are wrongly accepted:
"10000::"
"::10000"
Since we currently only support hexadecimal fields, implement the
range check by limiting the number of digits to 4.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
-rw-r--r-- | usr/klibc/inet/inet_pton.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr/klibc/inet/inet_pton.c b/usr/klibc/inet/inet_pton.c index a319506abd390..19706ce03646b 100644 --- a/usr/klibc/inet/inet_pton.c +++ b/usr/klibc/inet/inet_pton.c @@ -32,7 +32,7 @@ int inet_pton(int af, const char *src, void *dst) case AF_INET6: { struct in6_addr *d = (struct in6_addr *)dst; - int colons = 0, dcolons = 0; + int colons = 0, dcolons = 0, digits = 0; int i; const char *p; @@ -43,7 +43,9 @@ int inet_pton(int af, const char *src, void *dst) colons++; if (p[1] == ':') dcolons++; - } else if (!isxdigit((unsigned char)*p)) + digits = 0; + } else if (!isxdigit((unsigned char)*p) + || ++digits > 4) return 0; /* Invalid address */ } |