From: Florian Obser <florian@openbsd.org>
Subject: npppd(8): Mechanically change inet_aton to inet_pton.
To: tech <tech@openbsd.org>
Date: Wed, 21 Aug 2024 11:37:32 +0200

Not a npppd user, but it does not document that it would accept
truncated or otherwise not fully spelled out IPv4 addresses. So I guess
the parser can be stricter?

Tests, OKs?

diff --git common/addr_range.c common/addr_range.c
index d81e4b318f1..b8ee52c4189 100644
--- common/addr_range.c
+++ common/addr_range.c
@@ -63,6 +63,7 @@
 #endif
 
 #include <sys/types.h>
+#include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
@@ -264,23 +265,23 @@ in_addr_range_list_add(struct in_addr_range **list, const char *str)
 		is_maskaddr = 1;
 	}
 
-	if (inet_aton(p0, &a0) != 1) {
+	if (inet_pton(AF_INET, p0, &a0) != 1) {
 		if (errno == 0)
 			errno = EINVAL;
 #ifdef IIJDEBUG
 		saved_errno = errno;
-		log_printf(LOG_DL_1, "inet_aton(%s) failed: %m", p0);
+		log_printf(LOG_DL_1, "inet_pton(%s) failed: %m", p0);
 		errno = saved_errno;
 #endif
 		free(p0);
 		return -1;
 	}
-	if ((is_range || is_maskaddr) && inet_aton(p1, &a1) != 1) {
+	if ((is_range || is_maskaddr) && inet_pton(AF_INET, p1, &a1) != 1) {
 		if (errno == 0)
 			errno = EINVAL;
 #ifdef IIJDEBUG
 		saved_errno = errno;
-		log_printf(LOG_DL_1, "inet_aton(%s) failed: %m", p1);
+		log_printf(LOG_DL_1, "inet_pton(%s) failed: %m", p1);
 		errno = saved_errno;
 #endif
 		free(p0);
diff --git npppd/npppd_subr.c npppd/npppd_subr.c
index e24789b3495..c368b0681c7 100644
--- npppd/npppd_subr.c
+++ npppd/npppd_subr.c
@@ -108,7 +108,7 @@ load_resolv_conf(struct in_addr *pri, struct in_addr *sec)
 				addr = pri;
 			else
 				addr = sec;
-			if (inet_aton(ap, addr) != 1) {
+			if (inet_pton(AF_INET, ap, addr) != 1) {
 				/*
 				 * FIXME: If configured IPv6, it may have IPv6
 				 * FIXME: address.  For the present, continue.
diff --git npppd/parse.y npppd/parse.y
index fd8bb0d2956..d5c7d6266ef 100644
--- npppd/parse.y
+++ npppd/parse.y
@@ -639,7 +639,7 @@ addressport	: address optport {
 		;
 
 in4_addr	: STRING {
-			if (inet_aton($1, &($$)) != 1) {
+			if (inet_pton(AF_INET, $1, &($$)) != 1) {
 				yyerror("could not parse the address %s", $1);
 				free($1);
 				YYERROR;
diff --git npppd/privsep.c npppd/privsep.c
index 6736a9779d7..8b4408dd2ba 100644
--- npppd/privsep.c
+++ npppd/privsep.c
@@ -708,7 +708,7 @@ privsep_priv_dispatch_imsg(struct imsgbuf *ibuf)
 				}
 				if ((retval = cgetstr(buf, "framed-ip-address",
 				    &str)) >= 0) {
-					if (inet_aton(str,
+					if (inet_pton(AF_INET, str,
 					    &r.framed_ip_address) != 1)
 						goto on_broken_entry;
 					free(str);
@@ -717,7 +717,7 @@ privsep_priv_dispatch_imsg(struct imsgbuf *ibuf)
 
 				if ((retval = cgetstr(buf, "framed-ip-netmask",
 				    &str)) >= 0) {
-					if (inet_aton(str,
+					if (inet_pton(AF_INET, str,
 					    &r.framed_ip_netmask) != 1)
 						goto on_broken_entry;
 					free(str);

-- 
In my defence, I have been left unsupervised.