From e6b5e940fdb8e2ded70a80132af6c280db02e8d8 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Sat, 12 Mar 2011 08:30:40 +0000 Subject: inet_diag: stricter IPv6 address parsing Be stricter about invalid inputs. --- ext/raindrops/linux_inet_diag.c | 19 +++++++++---------- test/test_linux_ipv6.rb | 5 +++++ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/ext/raindrops/linux_inet_diag.c b/ext/raindrops/linux_inet_diag.c index 2358fc0..280bfc7 100644 --- a/ext/raindrops/linux_inet_diag.c +++ b/ext/raindrops/linux_inet_diag.c @@ -315,15 +315,15 @@ static void parse_addr(struct sockaddr_storage *inet, VALUE addr) if (*host_ptr == '[') { /* ipv6 address format (rfc2732) */ rbracket = memchr(host_ptr + 1, ']', host_len - 1); - if (rbracket) { - if (rbracket[1] == ':') { - colon = rbracket + 1; - host_ptr++; - *rbracket = 0; - } else { - rbracket = NULL; - } - } + if (rbracket == NULL) + rb_raise(rb_eArgError, "']' not found in IPv6 addr=%s", + host_ptr); + if (rbracket[1] != ':') + rb_raise(rb_eArgError, "':' not found in IPv6 addr=%s", + host_ptr); + colon = rbracket + 1; + host_ptr++; + *rbracket = 0; } else { /* ipv4 */ colon = memchr(host_ptr, ':', host_len); } @@ -337,7 +337,6 @@ static void parse_addr(struct sockaddr_storage *inet, VALUE addr) hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV; *colon = 0; - if (rbracket) *rbracket = 0; rc = getaddrinfo(host_ptr, colon + 1, &hints, &res); *colon = ':'; if (rbracket) *rbracket = ']'; diff --git a/test/test_linux_ipv6.rb b/test/test_linux_ipv6.rb index bd24cab..479b9a2 100644 --- a/test/test_linux_ipv6.rb +++ b/test/test_linux_ipv6.rb @@ -96,6 +96,11 @@ class TestLinuxIPv6 < Test::Unit::TestCase assert_equal 1, stats[addr2].active end + def test_invalid_addresses + assert_raises(ArgumentError) { tcp_listener_stats(%w([1:::5)) } + assert_raises(ArgumentError) { tcp_listener_stats(%w([1:::]5)) } + end + # tries to overflow buffers def test_tcp_stress_test nr_proc = 32 -- cgit v1.2.3-24-ge0c7