From: YASUOKA Masahiko <yasuoka@openbsd.org>
Subject: Re: npppd(8): Mechanically change inet_aton to inet_pton.
To: florian@openbsd.org
Cc: tech@openbsd.org
Date: Thu, 22 Aug 2024 11:38:21 +0900

Hi,

On Wed, 21 Aug 2024 11:37:32 +0200
Florian Obser <florian@openbsd.org> wrote:
> Not a npppd user, but it does not document that it would accept
> truncated or otherwise not fully spelled out IPv4 addresses. So I guess
> the parser can be stricter?

Yes, it can be stricter.  It was not intentional that the original
accepted various formats.

> Tests, OKs?

I tested L2TP/IPsec works after the patch.

ok yasuoka


> diff --git common/addr_range.c common/addr_range.c
> index d81e4b318f1..b8ee52c4189 100644
> --- common/addr_range.c
> +++ common/addr_range.c
> @@ -63,6 +63,7 @@
>  #endif
>  
>  #include <sys/types.h>
> +#include <sys/socket.h>
>  #include <netinet/in.h>
>  #include <arpa/inet.h>
>  
> @@ -264,23 +265,23 @@ in_addr_range_list_add(struct in_addr_range **list, const char *str)
>  		is_maskaddr = 1;
>  	}
>  
> -	if (inet_aton(p0, &a0) != 1) {
> +	if (inet_pton(AF_INET, p0, &a0) != 1) {
>  		if (errno == 0)
>  			errno = EINVAL;
>  #ifdef IIJDEBUG
>  		saved_errno = errno;
> -		log_printf(LOG_DL_1, "inet_aton(%s) failed: %m", p0);
> +		log_printf(LOG_DL_1, "inet_pton(%s) failed: %m", p0);
>  		errno = saved_errno;
>  #endif
>  		free(p0);
>  		return -1;
>  	}
> -	if ((is_range || is_maskaddr) && inet_aton(p1, &a1) != 1) {
> +	if ((is_range || is_maskaddr) && inet_pton(AF_INET, p1, &a1) != 1) {
>  		if (errno == 0)
>  			errno = EINVAL;
>  #ifdef IIJDEBUG
>  		saved_errno = errno;
> -		log_printf(LOG_DL_1, "inet_aton(%s) failed: %m", p1);
> +		log_printf(LOG_DL_1, "inet_pton(%s) failed: %m", p1);
>  		errno = saved_errno;
>  #endif
>  		free(p0);
> diff --git npppd/npppd_subr.c npppd/npppd_subr.c
> index e24789b3495..c368b0681c7 100644
> --- npppd/npppd_subr.c
> +++ npppd/npppd_subr.c
> @@ -108,7 +108,7 @@ load_resolv_conf(struct in_addr *pri, struct in_addr *sec)
>  				addr = pri;
>  			else
>  				addr = sec;
> -			if (inet_aton(ap, addr) != 1) {
> +			if (inet_pton(AF_INET, ap, addr) != 1) {
>  				/*
>  				 * FIXME: If configured IPv6, it may have IPv6
>  				 * FIXME: address.  For the present, continue.
> diff --git npppd/parse.y npppd/parse.y
> index fd8bb0d2956..d5c7d6266ef 100644
> --- npppd/parse.y
> +++ npppd/parse.y
> @@ -639,7 +639,7 @@ addressport	: address optport {
>  		;
>  
>  in4_addr	: STRING {
> -			if (inet_aton($1, &($$)) != 1) {
> +			if (inet_pton(AF_INET, $1, &($$)) != 1) {
>  				yyerror("could not parse the address %s", $1);
>  				free($1);
>  				YYERROR;
> diff --git npppd/privsep.c npppd/privsep.c
> index 6736a9779d7..8b4408dd2ba 100644
> --- npppd/privsep.c
> +++ npppd/privsep.c
> @@ -708,7 +708,7 @@ privsep_priv_dispatch_imsg(struct imsgbuf *ibuf)
>  				}
>  				if ((retval = cgetstr(buf, "framed-ip-address",
>  				    &str)) >= 0) {
> -					if (inet_aton(str,
> +					if (inet_pton(AF_INET, str,
>  					    &r.framed_ip_address) != 1)
>  						goto on_broken_entry;
>  					free(str);
> @@ -717,7 +717,7 @@ privsep_priv_dispatch_imsg(struct imsgbuf *ibuf)
>  
>  				if ((retval = cgetstr(buf, "framed-ip-netmask",
>  				    &str)) >= 0) {
> -					if (inet_aton(str,
> +					if (inet_pton(AF_INET, str,
>  					    &r.framed_ip_netmask) != 1)
>  						goto on_broken_entry;
>  					free(str);
> 
> -- 
> In my defence, I have been left unsupervised.
> 
>