gio: don't accept nonstandard IPv4 "numbers-and-dots" addresses

In addition to the standard "192.168.1.1" format, there are numerous legacy IPv4 address formats (such as "192.168.257", "0xc0.0xa8.0x01.0x01", "0300.0250.0001.0001", "3232235777", and "0xc0a80101"). However, none of these forms are ever used any more except in phishing attempts. GLib wasn't supposed to be accepting these addresses (neither g_hostname_is_ip_address() nor g_inet_address_new_from_string() recognizes them), but getaddrinfo() accepts them, and so the parts of gio that use getaddrinfo() accidentally did accept those formats. Fix GNetworkAddress and GResolver to reject these address formats. https://bugzilla.gnome.org/show_bug.cgi?id=679957
2025-08-02 07:23:41 +02:00 · 2013-08-20 21:36:25 -04:00
parent 5cab3fcec1
commit 5575a3e9cb
7 changed files with 256 additions and 37 deletions
--- a/gio/ginetsocketaddress.h
+++ b/gio/ginetsocketaddress.h
@@ -54,21 +54,24 @@ struct _GInetSocketAddressClass
 };

 GLIB_AVAILABLE_IN_ALL
-GType           g_inet_socket_address_get_type     (void) G_GNUC_CONST;
+GType           g_inet_socket_address_get_type        (void) G_GNUC_CONST;

 GLIB_AVAILABLE_IN_ALL
-GSocketAddress *g_inet_socket_address_new          (GInetAddress       *address,
-						    guint16             port);
+GSocketAddress *g_inet_socket_address_new             (GInetAddress       *address,
+                                                       guint16             port);
+GLIB_AVAILABLE_IN_2_40
+GSocketAddress *g_inet_socket_address_new_from_string (const char         *address,
+                                                       guint               port);

 GLIB_AVAILABLE_IN_ALL
-GInetAddress *  g_inet_socket_address_get_address  (GInetSocketAddress *address);
+GInetAddress *  g_inet_socket_address_get_address     (GInetSocketAddress *address);
 GLIB_AVAILABLE_IN_ALL
-guint16         g_inet_socket_address_get_port     (GInetSocketAddress *address);
+guint16         g_inet_socket_address_get_port        (GInetSocketAddress *address);

 GLIB_AVAILABLE_IN_2_32
-guint32         g_inet_socket_address_get_flowinfo (GInetSocketAddress *address);
+guint32         g_inet_socket_address_get_flowinfo    (GInetSocketAddress *address);
 GLIB_AVAILABLE_IN_2_32
-guint32         g_inet_socket_address_get_scope_id (GInetSocketAddress *address);
+guint32         g_inet_socket_address_get_scope_id    (GInetSocketAddress *address);

 G_END_DECLS