[fpc-pascal] Bug 37080 -- StrToHostAddr accepts all Pascal number notations

Michael Van Canneyt michael at freepascal.org
Fri May 15 12:48:41 CEST 2020

On Fri, 15 May 2020, Noel Duffy via fpc-pascal wrote:

> While doing some work on bug 37060, the refactoring of StrToHostAddr and 
> StrToHostAddr6 in the sockets 
> unit,(https://bugs.freepascal.org/view.php?id=37060), I found that 
> StrToHostAddr is doing no validation at all on input address characters 
> before calling the function Val, so any Pascal notation that Val 
> accepts, such as 0x and $ for hexadecimal, % for binary, & for octal, 
> and mathematical signs are all accepted in ipv4 octets.
> https://bugs.freepascal.org/view.php?id=37080
> As a consequence, StrToHostAddr will happily parse addresses like these:
> 0xa.3.4.5
> 9.$c.4.5
> %1111.%11001110.30.4
> &7.&5.30.4
> 12.+4.1.1
> Any number in any notation will be accepted as long as byte overflow 
> isn't triggered. Thus, + in octets is accepted, but - is not, because 
> the function detects that the octet is negative which then triggers 
> overflow.
> Fixing this is outside the scope of the patch I'm preparing for 37060, 
> but if no-one else feels inclined to look into this by the time I'm 
> finished with that patch then I'll submit a new patch for it.



More information about the fpc-pascal mailing list