aboutsummaryrefslogtreecommitdiff
path: root/nss
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2019-01-21 21:26:03 +0100
committerFlorian Weimer <fweimer@redhat.com>2019-01-21 21:26:03 +0100
commit108bc4049f8ae82710aec26a92ffdb4b439c83fd (patch)
tree8028ac534476871bac578df4435bf0bf7388f672 /nss
parent5165de69c0908e28a380cbd4bb054e55ea4abc95 (diff)
downloadglibc-108bc4049f8ae82710aec26a92ffdb4b439c83fd.zip
glibc-108bc4049f8ae82710aec26a92ffdb4b439c83fd.tar.gz
glibc-108bc4049f8ae82710aec26a92ffdb4b439c83fd.tar.bz2
CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings [BZ #20018]
The IPv4 address parser in the getaddrinfo function is changed so that it does not ignore trailing whitespace and all characters after it. For backwards compatibility, the getaddrinfo function still recognizes legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8 (octal). This commit does not change the behavior of inet_addr and inet_aton. gethostbyname already had additional sanity checks (but is switched over to the new __inet_aton_exact function for completeness as well). To avoid sending the problematic query names over DNS, commit 6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]") is needed.
Diffstat (limited to 'nss')
-rw-r--r--nss/digits_dots.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/nss/digits_dots.c b/nss/digits_dots.c
index 9501589..440d995 100644
--- a/nss/digits_dots.c
+++ b/nss/digits_dots.c
@@ -29,7 +29,6 @@
#include "nsswitch.h"
#ifdef USE_NSCD
-# define inet_aton __inet_aton
# include <nscd/nscd_proto.h>
#endif
@@ -160,7 +159,7 @@ __nss_hostname_digits_dots_context (struct resolv_context *ctx,
255.255.255.255? The test below will succeed
spuriously... ??? */
if (af == AF_INET)
- ok = __inet_aton (name, (struct in_addr *) host_addr);
+ ok = __inet_aton_exact (name, (struct in_addr *) host_addr);
else
{
assert (af == AF_INET6);