[fpc-pascal] Bug 37080 -- StrToHostAddr accepts all Pascal number notations
Noel Duffy
noelduffy at xtra.co.nz
Fri May 15 13:08:49 CEST 2020
On 15/05/20 10:48 pm, Michael Van Canneyt wrote:
>
>
> On Fri, 15 May 2020, Noel Duffy via fpc-pascal wrote:
>
>> While doing some work on bug 37060, the refactoring of StrToHostAddr
>> and StrToHostAddr6 in the sockets
>> unit,(https://bugs.freepascal.org/view.php?id=37060), I found that
>> StrToHostAddr is doing no validation at all on input address
>> characters before calling the function Val, so any Pascal notation
>> that Val accepts, such as 0x and $ for hexadecimal, % for binary, &
>> for octal, and mathematical signs are all accepted in ipv4 octets.
>>
>> https://bugs.freepascal.org/view.php?id=37080
>>
>> As a consequence, StrToHostAddr will happily parse addresses like these:
>>
>> 0xa.3.4.5
>> 9.$c.4.5
>> %1111.%11001110.30.4
>> &7.&5.30.4
>> 12.+4.1.1
>>
>> Any number in any notation will be accepted as long as byte overflow
>> isn't triggered. Thus, + in octets is accepted, but - is not, because
>> the function detects that the octet is negative which then triggers
>> overflow.
>>
>> Fixing this is outside the scope of the patch I'm preparing for 37060,
>> but if no-one else feels inclined to look into this by the time I'm
>> finished with that patch then I'll submit a new patch for it.
>
> Fixed.
That must be a new record in bug fix speed. You fixed that within ten
minutes of my message to the list!
I forgot to mention in my message, but did mention in the bug report,
that leading zeroes are also allowed, so you can parse:
0000000001.1.1.1
More information about the fpc-pascal
mailing list