[PATCH] [v2] nss: fix getaddrinfo() accepting garbage as valid IPv4 address
Florian Weimer
fweimer@redhat.com
Mon Aug 26 12:37:42 GMT 2024
* Miklós Máté:
> Using inet_aton() for numeric addresses is not a good idea, because it
> accepts non-RFC-compliant strings, like "1", "1.2", "1.2.3", "123456",
> "0xbeef" etc. as a valid IPv4 address, and this behavior is even documented
> in its man page. Note that when .ai_family=AF_INET, and the numeric address
> decoding fails, in the next step getaddrinfo() calls gethostbyname(), which
> tries to decode it as numeric again (see digits_dots.c), so gethostbyname()
> must be fixed as well.
>
> I tested getaddrinfo() on other systems:
> - on FreeBSD it's broken like in glibc
> - on Windows the WinSock library only accepts RFC-compliant addresses
>
> This patch also includes a new test case in test 3, and fixes the port
> number in test 2. The nondecimal test is removed, because it wants octal
> and hexadecimal numbers in IPv4 addresses to be silently accepted by both
> gethostbyname() and getaddrinfo(), which is what this patch forbids.
Back in 2019, we didn't want to make the backwards-incompatible change
when we taught getaddrinfo to reject trailing unrecognized characters,
as some form of security hardening. The problem was (and perhaps still
is) that configuration files might suddenly fail to load if we change
the parser too much.
Kubernetes went through a similar exercise when Go changed parsing of IP
addresses:
[go1.17] Guard against stdlib ParseIP/ParseCIDR changes in API
validation
<https://github.com/kubernetes/kubernetes/issues/100895>
Has something changed since 2019?
Thanks,
Florian
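
The parsing difference discussed in this thread, as an added example that is not part of the original message or of the patch: it classifies a string as strict dotted-quad (accepted by inet_pton()), legacy-only (accepted by inet_aton() alone), or invalid, which is one way to find configuration values that would stop loading under a stricter parser. The name classify_ipv4 and the enum are hypothetical, and the sample strings are the ones quoted above plus two constructed ones.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* inet_aton() is not in strict POSIX */
#endif
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classification, not a glibc API. */
enum ipv4_form { IPV4_INVALID = 0, IPV4_LEGACY_ONLY = 1, IPV4_STRICT = 2 };

/* Classify s. On acceptance, out receives the address the parser decoded,
 * rendered as a dotted quad, so the reader can see what "1.2" turns into. */
enum ipv4_form classify_ipv4(const char *s, char out[INET_ADDRSTRLEN])
{
    struct in_addr addr;

    out[0] = '\0';
    /* inet_pton(AF_INET) only accepts four decimal octets: a.b.c.d */
    if (inet_pton(AF_INET, s, &addr) == 1) {
        inet_ntop(AF_INET, &addr, out, INET_ADDRSTRLEN);
        return IPV4_STRICT;
    }
    /* inet_aton() also accepts 1-, 2- and 3-part forms and octal/hex parts */
    if (inet_aton(s, &addr) != 0) {
        inet_ntop(AF_INET, &addr, out, INET_ADDRSTRLEN);
        return IPV4_LEGACY_ONLY;
    }
    return IPV4_INVALID;
}

int main(void)
{
    /* Strings from the quoted message, plus two constructed controls. */
    static const char *samples[] = {
        "1", "1.2", "1.2.3", "123456", "0xbeef", "192.0.2.1", "example"
    };
    static const char *label[] = { "invalid", "legacy-only", "strict" };
    char decoded[INET_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum ipv4_form f = classify_ipv4(samples[i], decoded);
        printf("%-10s %-12s %s\n", samples[i], label[f], decoded);
    }
    return 0;
}
```

Every value reported as legacy-only is one that a parser restricted to dotted-quad input would reject.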