Merge pull request #7532 from AndrzejKurek/remove-leading-zeroes-ip-parsing

Disallow leading zeroes when parsing IPv4 addresses
Paul Elliott 2023-05-15 13:59:10 +01:00 committed by GitHub
commit 926bcb04fe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions


@ -2813,7 +2813,6 @@ static int x509_inet_pton_ipv6(const char *src, void *dst)
static int x509_inet_pton_ipv4(const char *src, void *dst) static int x509_inet_pton_ipv4(const char *src, void *dst)
{ {
/* note: allows leading 0's, e.g. 000.000.000.000 */
const unsigned char *p = (const unsigned char *) src; const unsigned char *p = (const unsigned char *) src;
uint8_t *res = (uint8_t *) dst; uint8_t *res = (uint8_t *) dst;
uint8_t digit, num_digits = 0; uint8_t digit, num_digits = 0;
@ -2827,13 +2826,20 @@ static int x509_inet_pton_ipv4(const char *src, void *dst)
if (digit > 9) { if (digit > 9) {
break; break;
} }
/* Don't allow leading zeroes. These might mean octal format,
* which this implementation does not support. */
if (octet == 0 && num_digits > 0) {
return -1;
}
octet = octet * 10 + digit; octet = octet * 10 + digit;
num_digits++; num_digits++;
p++; p++;
} while (num_digits < 3); } while (num_digits < 3);
if (octet >= 256 || num_digits > 3 || num_digits == 0) { if (octet >= 256 || num_digits > 3 || num_digits == 0) {
break; return -1;
} }
*res++ = (uint8_t) octet; *res++ = (uint8_t) octet;
num_octets++; num_octets++;
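Review bot: With the old leading-zero note deleted, nothing at the top of x509_inet_pton_ipv4 states what the parser accepts, and because each octet is stored through `res` as soon as it is parsed, any `return -1` taken after the first octet leaves `dst` partly written. I would put a contract comment where the removed one sat, for example `/* Strict dotted-decimal only: four octets 0-255, no leading zeroes. Returns 0 on success, -1 otherwise; dst may be partly written on -1. */`, so callers know not to read `dst` after a failure. Separately, `num_digits > 3` in the range check looks unreachable given the inner loop's `while (num_digits < 3)` bound and could be dropped. The start of the outer loop and the function's final return lie outside the visible hunks, so this is based only on the lines shown.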


@ -1046,6 +1046,12 @@ x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip
X509 CRT parse CN: IPv4 valid address X509 CRT parse CN: IPv4 valid address
x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4 x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4
X509 CRT parse CN: IPv4 leading zeroes #1
x509_crt_parse_cn_inet_pton:"010.10.10.10":"":0
X509 CRT parse CN: IPv4 leading zeroes #2
x509_crt_parse_cn_inet_pton:"10.10.10.001":"":0
X509 CRT parse CN: IPv4 excess 0s X509 CRT parse CN: IPv4 excess 0s
x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0 x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0
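Review bot: Both new cases are rejections, so nothing in this hunk pins that a lone `0` octet is still accepted, which is the input closest to the new `octet == 0 && num_digits > 0` guard. A positive case such as `x509_crt_parse_cn_inet_pton:"0.0.0.0":"00000000":4` would catch a regression that tightens the guard too far; such a case may already exist elsewhere in the file, which is not visible here. A middle-octet rejection like `x509_crt_parse_cn_inet_pton:"10.00.10.10":"":0` would also cover the path where the zero run is the entire octet.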