Bug 11501 - nwwrap_getaddrinfo wrongly checks sanity of input in service param.
nwwrap_getaddrinfo wrongly checks sanity of input in service param.
Status: RESOLVED FIXED
Product: cwrap
Classification: Unclassified
Component: library
unspecified
All All
: P5 normal
: ---
Assigned To: Andreas Schneider
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-07 13:10 UTC by Robin Hack
Modified: 2015-11-20 11:55 UTC (History)
0 users

See Also:


Attachments
Proposed patch (3.70 KB, patch)
2015-09-07 13:14 UTC, Robin Hack
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Hack 2015-09-07 13:10:13 UTC
nwrap_getaddrinfo function accept input in service param like:
rc = getaddrinfo(NULL, "80a1", &hints, &res);

This is handled by nwrap and 0 is returned. EAI_NONAME should be returned.
Comment 1 Robin Hack 2015-09-07 13:14:27 UTC
Created attachment 11416 [details]
Proposed patch

Proposed patch

    nwrap: Better check service string sanity.
    
    Fixes bug 11501.
    Patch use strtol() instead of atoi() to convert strings to numbers.
    This helps better check sanity of service input string.
    
    TESTS: Added new test: test_nwrap_getaddrinfo_flags_ai_numericserv
    
    Test checks if non-valid input is passed correctly.
Comment 2 Andreas Schneider 2015-10-07 15:03:33 UTC
Robin, is this patch still valid for the current master tree? If yes, please rebase it.
Comment 3 Robin Hack 2015-10-13 09:25:36 UTC
Hi Andreas. Bug is still valid.

Proposed patch is here:
https://github.com/marmolak/nss_wrapper/commit/74e5a94e9da71642c604124ee3ca300d56cfa653
Comment 4 Andreas Schneider 2015-11-20 11:55:39 UTC
nss_wrapper-1.1.0 has been released addressing the issue.