This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH][BZ #15374] Make getent services compliant with RFC 6335 section 5.1
- From: Florian Weimer <fweimer at redhat dot com>
- To: Ondřej Bílka <neleai at seznam dot cz>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 31 Oct 2013 14:35:51 +0100
- Subject: Re: [PATCH][BZ #15374] Make getent services compliant with RFC 6335 section 5.1
- Authentication-results: sourceware.org; auth=none
- References: <20131020180745 dot GA18200 at domone dot podge> <527256A2 dot 40902 at redhat dot com> <20131031133244 dot GA19495 at domone dot podge>
On 10/31/2013 02:32 PM, Ondřej Bílka wrote:
On Thu, Oct 31, 2013 at 02:09:54PM +0100, Florian Weimer wrote:
On 10/20/2013 08:07 PM, Ondřej Bílka wrote:
+ char *endptr;
+ long port = strtol (key[i], &endptr, 0);
+ if (*endptr == '\0')
+ serv = getservbyport (htons (port), proto);
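Review bot: the only validation after `strtol (key[i], &endptr, 0)` is `*endptr == '\0'`, which is also true for an empty key[i], and base 0 with no check on the first character lets "0x" and octal prefixes, a leading "-" or "+" and leading whitespace through as port numbers. Suggest base 10, requiring key[i][0] to be a digit, and checking errno and the numeric range before `htons (port)`, since htons takes a 16-bit value and an out-of-range long is silently truncated to some other port.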
This accepts leading "-" and "0x", which is not compliant with RFC
There should be strtol (_, _, 10) in case when somebody names their
service as 0x0.
Yes, and a check for overflow and values outside the defined range (0 to
65535, I think, although 0 is questionable).
In bugzilla a reason for this change was:
Checking IANA, there are currently 28 service names registered that
begin with a digit, for example 3com-tsmux and 3gpp-cbsp.
Oh well. Then I think fixing libc won't hurt.
Florian Weimer / Red Hat Product Security Team
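The checks discussed in this thread (base 10, no sign or prefix, overflow and range), as an added example that is not part of the original message or of glibc. `parse_port_key` and the sample keys are hypothetical, and accepting port 0 is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not glibc code): decide whether a getent-style key
   is a decimal port number.  Returns the port (0..65535) in host byte
   order, or -1 if the key must be treated as a service name.  */
static int
parse_port_key (const char *key)
{
  /* Require a leading digit: strtol alone would skip whitespace, accept
     a sign, and "succeed" on an empty string.  */
  if (!isdigit ((unsigned char) key[0]))
    return -1;

  char *endptr;
  errno = 0;
  long port = strtol (key, &endptr, 10);   /* base 10: "0x0" is a name */

  /* Trailing characters mean a name such as "3com-tsmux".  */
  if (*endptr != '\0')
    return -1;
  /* Reject overflow and anything that does not fit in 16 bits, so a
     later htons () cannot silently truncate.  Port 0 is accepted here
     (assumption).  */
  if (errno == ERANGE || port > 65535)
    return -1;
  return (int) port;
}

int
main (void)
{
  /* Constructed sample keys.  */
  static const char *const keys[] = {
    "22", "0x16", "-22", " 22", "", "65536", "99999999999999999999",
    "3com-tsmux", "3gpp-cbsp", "ssh"
  };
  for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
    {
      int port = parse_port_key (keys[i]);
      if (port >= 0)
        printf ("%-22s -> port %d\n", keys[i], port);
      else
        printf ("%-22s -> service name lookup\n", keys[i]);
    }
  return 0;
}
```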