Bug 11501 - nwwrap_getaddrinfo wrongly checks sanity of input in service param.
Summary: nwwrap_getaddrinfo wrongly checks sanity of input in service param.
Alias: None
Product: cwrap
Classification: Unclassified
Component: library (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact:
Depends on:
Reported: 2015-09-07 13:10 UTC by Robin Hack
Modified: 2015-11-20 11:55 UTC (History)
0 users

See Also:

Proposed patch (3.70 KB, patch)
2015-09-07 13:14 UTC, Robin Hack
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Hack 2015-09-07 13:10:13 UTC
nwrap_getaddrinfo function accept input in service param like:
rc = getaddrinfo(NULL, "80a1", &hints, &res);

This is handled by nwrap and 0 is returned. EAI_NONAME should be returned.
Comment 1 Robin Hack 2015-09-07 13:14:27 UTC
Created attachment 11416 [details]
Proposed patch

Proposed patch

    nwrap: Better check service string sanity.
    Fixes bug 11501.
    Patch use strtol() instead of atoi() to convert strings to numbers.
    This helps better check sanity of service input string.
    TESTS: Added new test: test_nwrap_getaddrinfo_flags_ai_numericserv
    Test checks if non-valid input is passed correctly.
Comment 2 Andreas Schneider 2015-10-07 15:03:33 UTC
Robin, is this patch still valid for the current master tree? If yes, please rebase it.
Comment 3 Robin Hack 2015-10-13 09:25:36 UTC
Hi Andreas. Bug is still valid.

Proposed patch is here:
Comment 4 Andreas Schneider 2015-11-20 11:55:39 UTC
nss_wrapper-1.1.0 has been released addressing the issue.