[fpc-pascal] Bug 37080 -- StrToHostAddr accepts all Pascal number notations

Noel Duffy noelduffy at xtra.co.nz
Fri May 15 13:08:49 CEST 2020

On 15/05/20 10:48 pm, Michael Van Canneyt wrote:
> On Fri, 15 May 2020, Noel Duffy via fpc-pascal wrote:
>> While doing some work on bug 37060, the refactoring of StrToHostAddr 
>> and StrToHostAddr6 in the sockets 
>> unit,(https://bugs.freepascal.org/view.php?id=37060), I found that 
>> StrToHostAddr is doing no validation at all on input address 
>> characters before calling the function Val, so any Pascal notation 
>> that Val accepts, such as 0x and $ for hexadecimal, % for binary, & 
>> for octal, and mathematical signs are all accepted in ipv4 octets.
>> https://bugs.freepascal.org/view.php?id=37080
>> As a consequence, StrToHostAddr will happily parse addresses like these:
>> 0xa.3.4.5
>> 9.$c.4.5
>> %1111.%11001110.30.4
>> &7.&5.30.4
>> 12.+4.1.1
>> Any number in any notation will be accepted as long as byte overflow 
>> isn't triggered. Thus, + in octets is accepted, but - is not, because 
>> the function detects that the octet is negative which then triggers 
>> overflow.
>> Fixing this is outside the scope of the patch I'm preparing for 37060, 
>> but if no-one else feels inclined to look into this by the time I'm 
>> finished with that patch then I'll submit a new patch for it.
> Fixed.

That must be a new record in bug fix speed. You fixed that within ten 
minutes of my message to the list!

I forgot to mention in my message, but did mention in the bug report, 
that leading zeroes are also allowed, so you can parse:


More information about the fpc-pascal mailing list