224403 – getaddrinfo() resolves "127.0.0.1 www.example.com" to 127.0.0.1

Bug 224403 - getaddrinfo() resolves "127.0.0.1 www.example.com" to 127.0.0.1

Summary: getaddrinfo() resolves "127.0.0.1 www.example.com" to 127.0.0.1

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	standards (show other bugs)
Version:	11.1-STABLE
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Hajimu UMEMOTO

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-12-17 15:01 UTC by Michael Kaufmann
Modified:	2017-12-27 15:02 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Test program for getaddrinfo() (688 bytes, text/x-csrc) 2017-12-17 15:01 UTC, Michael Kaufmann	no flags	Details
Don't ignore trailing spaces after numerical IP addresses. (512 bytes, patch) 2017-12-18 17:09 UTC, Hajimu UMEMOTO	no flags	Details \| Diff
Don't ignore trailing spaces after numerical IP addresses (rev. 2). (526 bytes, patch) 2017-12-19 12:55 UTC, Hajimu UMEMOTO	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Kaufmann 2017-12-17 15:01:11 UTC

Created attachment 188913 [details]
Test program for getaddrinfo()

getaddrinfo() uses inet_aton(), which ignores trailing spaces after numerical IP addresses. This means that getaddrinfo() resolves the hostname "127.0.0.1 www.example.com" to the IP address 127.0.0.1.

Please see the attached example program.

This bug is also present in some other operating systems, please see https://github.com/curl/curl/pull/2073

Comment 1 Hajimu UMEMOTO freebsd_committer

2017-12-18 17:09:34 UTC

Created attachment 188935 [details]
Don't ignore trailing spaces after numerical IP addresses.

How about the attached patch?

Comment 2 Michael Kaufmann 2017-12-18 18:38:10 UTC

Good approach. I think the characters "x" and "X" should also be added to the list of allowed characters, because the IP parts may have a prefix of "0x" or "0X" (see the man page of inet_aton).

Comment 3 Hajimu UMEMOTO freebsd_committer

2017-12-19 12:55:44 UTC

Created attachment 188957 [details]
Don't ignore trailing spaces after numerical IP addresses (rev. 2).

Sure.  We need to allow the characters from 'a' to 'f' as well.
The revised patch is attached.

Comment 4 Michael Kaufmann 2017-12-20 08:21:30 UTC

You're right :-) Now the patch looks good!

Comment 5 commit-hook freebsd_committer

2017-12-20 17:45:04 UTC

A commit references this bug:

Author: ume
Date: Wed Dec 20 17:44:31 UTC 2017
New revision: 327029
URL: https://svnweb.freebsd.org/changeset/base/327029

Log:
  Don't ignore trailing spaces after numerical IP addresses.

  PR:		224403
  Reported by:	Michael Kaufmann
  Reviewed by:	Michael Kaufmann
  MFC after:	1 week

Changes:
  head/lib/libc/net/getaddrinfo.c

Comment 6 commit-hook freebsd_committer

2017-12-27 14:50:52 UTC

A commit references this bug:

Author: ume
Date: Wed Dec 27 14:50:08 UTC 2017
New revision: 327238
URL: https://svnweb.freebsd.org/changeset/base/327238

Log:
  MFC r327029:
  	Don't ignore trailing spaces after numerical IP addresses.

  PR:		224403

Changes:
_U  stable/10/
  stable/10/lib/libc/net/getaddrinfo.c
_U  stable/11/
  stable/11/lib/libc/net/getaddrinfo.c

Comment 7 Hajimu UMEMOTO freebsd_committer

2017-12-27 15:02:47 UTC

I've committed it into HEAD, stable/11 and stable/10.
Thank you for your input.