g_hostname_is_ip_address: detect integer overflow

Signed integer overflow is undefined behaviour, which the undefined
behaviour sanitizer detects.

Previously, if the compiler had implemented this in the obvious way
(overflowing signed multiplication wraps around mod 2**32), we would
have incorrectly classified addresses where one octet was, for example,
(2**32 + 42) as valid IP addresses, by treating that octet as though
it was 42.

Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775510
Reviewed-by: Colin Walters
Simon McVittie 2016-12-02 10:13:00 +00:00
parent 1d697a5f30
commit 4496ef91b5

@ -785,7 +785,12 @@ g_hostname_is_ip_address (const gchar *hostname)
else
{
for (end = p; g_ascii_isdigit (*end); end++)
octet = 10 * octet + (*end - '0');
{
octet = 10 * octet + (*end - '0');
if (octet > 255)
break;
}
}
if (end == p || end > p + 3 || octet > 255)
return FALSE;
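
Review bot: The new `break` on `octet > 255` inside the loop leaves `end` pointing at the digit that pushed the value over the limit, not past the end of the digit run, so correctness now depends on the `octet > 255` test in the following `if` staying where it is. A short comment above the `break` would protect this from a later cleanup: it should say the early exit exists to keep `10 * octet` from overflowing (octet is at most 255 on entry to each iteration, so the product plus a digit is at most 2559). The visible hunk also carries no regression test; a case with an octet of 4294967338 (2**32 + 42, the example in the commit message) expected to return FALSE would pin the behaviour regardless of how the compiler treats the overflow.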