[fpc-pascal] Bug 37080 -- StrToHostAddr accepts all Pascal number notations
Michael Van Canneyt
michael at freepascal.org
Fri May 15 12:48:41 CEST 2020
On Fri, 15 May 2020, Noel Duffy via fpc-pascal wrote:
> While doing some work on bug 37060, the refactoring of StrToHostAddr and
> StrToHostAddr6 in the sockets
> unit,(https://bugs.freepascal.org/view.php?id=37060), I found that
> StrToHostAddr is doing no validation at all on input address characters
> before calling the function Val, so any Pascal notation that Val
> accepts, such as 0x and $ for hexadecimal, % for binary, & for octal,
> and mathematical signs are all accepted in ipv4 octets.
>
> https://bugs.freepascal.org/view.php?id=37080
>
> As a consequence, StrToHostAddr will happily parse addresses like these:
>
> 0xa.3.4.5
> 9.$c.4.5
> %1111.%11001110.30.4
> &7.&5.30.4
> 12.+4.1.1
>
> Any number in any notation will be accepted as long as byte overflow
> isn't triggered. Thus, + in octets is accepted, but - is not, because
> the function detects that the octet is negative which then triggers
> overflow.
>
> Fixing this is outside the scope of the patch I'm preparing for 37060,
> but if no-one else feels inclined to look into this by the time I'm
> finished with that patch then I'll submit a new patch for it.
Fixed.
Michael.
More information about the fpc-pascal
mailing list