Download raw body.
npppd(8): Mechanically change inet_aton to inet_pton.
Hi,
On Wed, 21 Aug 2024 11:37:32 +0200
Florian Obser <florian@openbsd.org> wrote:
> Not a npppd user, but it does not document that it would accept
> truncated or otherwise not fully spelled out IPv4 addresses. So I guess
> the parser can be stricter?
Yes, it can be stricter. It was not intentional that the original
accepted various formats.
> Tests, OKs?
I tested L2TP/IPsec works after the patch.
ok yasuoka
> diff --git common/addr_range.c common/addr_range.c
> index d81e4b318f1..b8ee52c4189 100644
> --- common/addr_range.c
> +++ common/addr_range.c
> @@ -63,6 +63,7 @@
> #endif
>
> #include <sys/types.h>
> +#include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
>
> @@ -264,23 +265,23 @@ in_addr_range_list_add(struct in_addr_range **list, const char *str)
> is_maskaddr = 1;
> }
>
> - if (inet_aton(p0, &a0) != 1) {
> + if (inet_pton(AF_INET, p0, &a0) != 1) {
> if (errno == 0)
> errno = EINVAL;
> #ifdef IIJDEBUG
> saved_errno = errno;
> - log_printf(LOG_DL_1, "inet_aton(%s) failed: %m", p0);
> + log_printf(LOG_DL_1, "inet_pton(%s) failed: %m", p0);
> errno = saved_errno;
> #endif
> free(p0);
> return -1;
> }
> - if ((is_range || is_maskaddr) && inet_aton(p1, &a1) != 1) {
> + if ((is_range || is_maskaddr) && inet_pton(AF_INET, p1, &a1) != 1) {
> if (errno == 0)
> errno = EINVAL;
> #ifdef IIJDEBUG
> saved_errno = errno;
> - log_printf(LOG_DL_1, "inet_aton(%s) failed: %m", p1);
> + log_printf(LOG_DL_1, "inet_pton(%s) failed: %m", p1);
> errno = saved_errno;
> #endif
> free(p0);
> diff --git npppd/npppd_subr.c npppd/npppd_subr.c
> index e24789b3495..c368b0681c7 100644
> --- npppd/npppd_subr.c
> +++ npppd/npppd_subr.c
> @@ -108,7 +108,7 @@ load_resolv_conf(struct in_addr *pri, struct in_addr *sec)
> addr = pri;
> else
> addr = sec;
> - if (inet_aton(ap, addr) != 1) {
> + if (inet_pton(AF_INET, ap, addr) != 1) {
> /*
> * FIXME: If configured IPv6, it may have IPv6
> * FIXME: address. For the present, continue.
> diff --git npppd/parse.y npppd/parse.y
> index fd8bb0d2956..d5c7d6266ef 100644
> --- npppd/parse.y
> +++ npppd/parse.y
> @@ -639,7 +639,7 @@ addressport : address optport {
> ;
>
> in4_addr : STRING {
> - if (inet_aton($1, &($$)) != 1) {
> + if (inet_pton(AF_INET, $1, &($$)) != 1) {
> yyerror("could not parse the address %s", $1);
> free($1);
> YYERROR;
> diff --git npppd/privsep.c npppd/privsep.c
> index 6736a9779d7..8b4408dd2ba 100644
> --- npppd/privsep.c
> +++ npppd/privsep.c
> @@ -708,7 +708,7 @@ privsep_priv_dispatch_imsg(struct imsgbuf *ibuf)
> }
> if ((retval = cgetstr(buf, "framed-ip-address",
> &str)) >= 0) {
> - if (inet_aton(str,
> + if (inet_pton(AF_INET, str,
> &r.framed_ip_address) != 1)
> goto on_broken_entry;
> free(str);
> @@ -717,7 +717,7 @@ privsep_priv_dispatch_imsg(struct imsgbuf *ibuf)
>
> if ((retval = cgetstr(buf, "framed-ip-netmask",
> &str)) >= 0) {
> - if (inet_aton(str,
> + if (inet_pton(AF_INET, str,
> &r.framed_ip_netmask) != 1)
> goto on_broken_entry;
> free(str);
>
> --
> In my defence, I have been left unsupervised.
>
>
npppd(8): Mechanically change inet_aton to inet_pton.