This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
On 10/31/2013 02:32 PM, Ondřej Bílka wrote:
> On Thu, Oct 31, 2013 at 02:09:54PM +0100, Florian Weimer wrote:
>> On 10/20/2013 08:07 PM, Ondřej Bílka wrote:
>>> + char *endptr; + long port = strtol (key[i], &endptr, 0); + + if (*endptr == '\0') + serv = getservbyport (htons (port), proto);
>> This accepts leading "-" and "0x", which is not compliant with RFC 6335, either.
> There should be strtol (_, _, 10) in case when somebody names their service as 0x0.
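Review bot: the test "if (*endptr == '\0')" is the only validation before "getservbyport (htons (port), proto)", and it also passes for an empty key[i], because strtol then returns 0 and leaves endptr at the terminating NUL, so an empty string is looked up as port 0. The long result is also handed to htons with no errno/ERANGE or range check, so a negative or larger-than-65535 value is silently truncated to 16 bits and can match an unrelated service. Suggest requiring key[i][0] to be a digit, calling strtol with base 10, and rejecting the value unless errno is clear and port is within 0..65535 before the htons call.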
Yes, and a check for overflow and values outside the defined range (0 to 65535, I think, although 0 is questionable).
> In bugzilla a reason for this change was: Checking IANA, there are currently 28 service names registered that begin with a digit, for example 3com-tsmux and 3gpp-cbsp.
Oh well. Then I think fixing libc won't hurt.

--
Florian Weimer / Red Hat Product Security Team
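The checks discussed in this message (decimal only, no sign or "0x" prefix, overflow, range 0 to 65535), put together as an added example that is not code from the thread or from glibc. The helper name parse_port and its return convention are assumptions made for illustration; it accepts 0, which the message calls questionable.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not glibc code.  Returns 1 and stores the port in
   *out when S is a plain decimal number in 0..65535.  Returns 0 otherwise,
   in which case a caller would treat S as a service name (getservbyname).  */
int
parse_port (const char *s, unsigned int *out)
{
  /* strtol skips leading whitespace and accepts '+' and '-', so insist on
     a digit up front.  This also rejects the empty string, for which
     strtol would return 0 with *endptr == '\0'.  */
  if (!isdigit ((unsigned char) s[0]))
    return 0;

  char *endptr;
  errno = 0;
  /* Base 10: "0x0" stops at 'x' instead of being parsed as hex.  */
  long port = strtol (s, &endptr, 10);

  if (*endptr != '\0')          /* "3com-tsmux", "0x0": names, not ports */
    return 0;
  if (errno == ERANGE || port > 65535)   /* overflow or beyond 16 bits */
    return 0;

  *out = (unsigned int) port;
  return 1;
}

int
main (void)
{
  /* Constructed sample keys.  */
  const char *keys[] = { "80", "0x0", "-1", "", "65536", "3com-tsmux" };
  for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
    {
      unsigned int port;
      if (parse_port (keys[i], &port))
        printf ("\"%s\": port %u\n", keys[i], port);
      else
        printf ("\"%s\": not a port, look up as a name\n", keys[i]);
    }
  return 0;
}
```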