[fpc-pascal] Bug 37080 -- StrToHostAddr accepts all Pascal number notations
Noel Duffy
noelduffy at xtra.co.nz
Fri May 15 12:39:21 CEST 2020
While doing some work on bug 37060, the refactoring of StrToHostAddr and
StrToHostAddr6 in the sockets unit
(https://bugs.freepascal.org/view.php?id=37060), I found that
StrToHostAddr is doing no validation at all on input address characters
before calling the function Val, so any Pascal notation that Val
accepts, such as 0x and $ for hexadecimal, % for binary, & for octal,
and mathematical signs are all accepted in IPv4 octets.
https://bugs.freepascal.org/view.php?id=37080
As a consequence, StrToHostAddr will happily parse addresses like these:
0xa.3.4.5
9.$c.4.5
%1111.%11001110.30.4
&7.&5.30.4
12.+4.1.1
Any number in any notation will be accepted as long as byte overflow
isn't triggered. Thus, + in octets is accepted, but - is not, because
the function detects that the octet is negative which then triggers
overflow.
Fixing this is outside the scope of the patch I'm preparing for 37060,
but if no-one else feels inclined to look into this by the time I'm
finished with that patch then I'll submit a new patch for it.
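
The check the report describes as missing, as an added example that is not part of the original message and not the sockets unit's code: each character is validated before any numeric conversion, so none of Val's notations can reach an octet. TryStrictIPv4 and TOctets are hypothetical names, and reading leading zeros as decimal is an assumption of this sketch.

```pascal
program StrictIPv4Demo;
{$mode objfpc}{$H+}

type
  TOctets = array[0..3] of Byte;

{ Hypothetical helper, not the sockets unit's code: every character is
  checked before any numeric conversion, so Val's prefixes never apply. }
function TryStrictIPv4(const S: string; out Addr: TOctets): Boolean;
var
  i, idx, digits, value: Integer;
begin
  Result := False;
  FillChar(Addr, SizeOf(Addr), 0);
  idx := 0; digits := 0; value := 0;
  for i := 1 to Length(S) do
    case S[i] of
      '0'..'9':
        begin
          Inc(digits);
          value := value * 10 + (Ord(S[i]) - Ord('0'));
          { at most three digits and a value that fits in one octet }
          if (digits > 3) or (value > 255) then Exit;
        end;
      '.':
        begin
          { no empty octets, no more than three separators }
          if (digits = 0) or (idx = 3) then Exit;
          Addr[idx] := value;
          Inc(idx); digits := 0; value := 0;
        end;
    else
      Exit; { '$', '%', '&', 'x', '+', '-', whitespace and the rest }
    end;
  { exactly four octets, the last one non-empty }
  if (idx <> 3) or (digits = 0) then Exit;
  Addr[3] := value;
  Result := True;
end;

const
  { The five inputs from the report plus one constructed plain address. }
  Samples: array[0..5] of string = ('0xa.3.4.5', '9.$c.4.5',
    '%1111.%11001110.30.4', '&7.&5.30.4', '12.+4.1.1', '10.3.4.5');
var
  A: TOctets;
  k: Integer;
begin
  for k := Low(Samples) to High(Samples) do
    WriteLn(Samples[k], ' -> ', TryStrictIPv4(Samples[k], A));
end.
```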