11501 – nwwrap_getaddrinfo wrongly checks sanity of input in service param.

Bug 11501 - nwwrap_getaddrinfo wrongly checks sanity of input in service param.

Summary: nwwrap_getaddrinfo wrongly checks sanity of input in service param.

Status:	RESOLVED FIXED

Alias:	None

Product:	cwrap
Classification:	Unclassified
Component:	library (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assignee:	Andreas Schneider
QA Contact:

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-09-07 13:10 UTC by Robin Hack
Modified:	2015-11-20 11:55 UTC (History)
CC List:	0 users

See Also:

Attachments
Proposed patch (3.70 KB, patch) 2015-09-07 13:14 UTC, Robin Hack	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robin Hack 2015-09-07 13:10:13 UTC

nwrap_getaddrinfo function accept input in service param like:
rc = getaddrinfo(NULL, "80a1", &hints, &res);

This is handled by nwrap and 0 is returned. EAI_NONAME should be returned.

Comment 1 Robin Hack 2015-09-07 13:14:27 UTC

Created attachment 11416 [details]
Proposed patch

Proposed patch

    nwrap: Better check service string sanity.
    
    Fixes bug 11501.
    Patch use strtol() instead of atoi() to convert strings to numbers.
    This helps better check sanity of service input string.
    
    TESTS: Added new test: test_nwrap_getaddrinfo_flags_ai_numericserv
    
    Test checks if non-valid input is passed correctly.

Comment 2 Andreas Schneider 2015-10-07 15:03:33 UTC

Robin, is this patch still valid for the current master tree? If yes, please rebase it.

Comment 3 Robin Hack 2015-10-13 09:25:36 UTC

Hi Andreas. Bug is still valid.

Proposed patch is here:
https://github.com/marmolak/nss_wrapper/commit/74e5a94e9da71642c604124ee3ca300d56cfa653

Comment 4 Andreas Schneider 2015-11-20 11:55:39 UTC

nss_wrapper-1.1.0 has been released addressing the issue.