[fpc-pascal] Bug 37080 -- StrToHostAddr accepts all Pascal number notations

Noel Duffy noelduffy at xtra.co.nz
Fri May 15 12:39:21 CEST 2020

While doing some work on bug 37060, the refactoring of StrToHostAddr and 
StrToHostAddr6 in the sockets 
unit,(https://bugs.freepascal.org/view.php?id=37060), I found that 
StrToHostAddr is doing no validation at all on input address characters 
before calling the function Val, so any Pascal notation that Val 
accepts, such as 0x and $ for hexadecimal, % for binary, & for octal, 
and mathematical signs are all accepted in ipv4 octets.


As a consequence, StrToHostAddr will happily parse addresses like these:


Any number in any notation will be accepted as long as byte overflow 
isn't triggered. Thus, + in octets is accepted, but - is not, because 
the function detects that the octet is negative which then triggers 

Fixing this is outside the scope of the patch I'm preparing for 37060, 
but if no-one else feels inclined to look into this by the time I'm 
finished with that patch then I'll submit a new patch for it.

More information about the fpc-pascal mailing list