Bug 30186

Summary: [libc] getaddrinfo(3) does not handle incorrect servname
Product: Base System
Reporter: John Morrow <jmorrow>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open
Severity: Affects Only Me
CC: dab
Priority: Normal
Version: 4.4-PRERELEASE
Hardware: Any
OS: Any

Description John Morrow 2001-08-29 11:30:00 UTC
If I call getaddrinfo("127.0.0.1", "80", &hints, &res) as a non-root
user and then bind using the returned socket address structure my
program is bound to the wrong address and port. I would have expected
a correctly filled out socket address structure and then an EACCES
from bind(2).

$ ./a.out 127.0.0.1 80 & sockstat -l4 | grep a.out
jmorrow  a.out    30004    3 tcp4   *:1045                *:*

$ ./a.out 127.0.0.1 8000 & sockstat -l4 | grep a.out
jmorrow  a.out    30009    3 tcp4   127.0.0.1:8000        *:*

Also putting negative or high port numbers into this program
never causes getaddrinfo to return an error.

How-To-Repeat:

#include <stdio.h>
#include <string.h>     /* memset */
#include <unistd.h>     /* sleep */
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

int
main(int argc, char **argv)
{
    struct addrinfo hints, *res;
    int error, sock;

    if (argc < 3) {
        (void)fprintf(stderr, "usage: %s address port\n", argv[0]);
        return 1;
    }
    (void)memset(&hints, 0, sizeof(hints));
    hints.ai_family = PF_UNSPEC;
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
    hints.ai_socktype = SOCK_STREAM;
    error = getaddrinfo(argv[1], argv[2], &hints, &res);
    if ( error ) {
        (void)printf("%s: %s\n", argv[1], gai_strerror(error));
        return 1;
    }
    sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    /* The return values of bind() and listen() are not checked here. */
    bind(sock, res->ai_addr, res->ai_addrlen);
    listen(sock, 5);
    sleep(60);
    freeaddrinfo(res);
    return 0;
}

Comment 1 dwmalone 2001-08-29 14:23:38 UTC
On Wed, Aug 29, 2001 at 03:28:56AM -0700, John Morrow wrote:
> >Description:
> If I call getaddrinfo("127.0.0.1", "80", &hints, &res) as a non-root
> user and then bind using the returned socket address structure my
> program is bound to the wrong address and port. I would have expected
> a correctly filled out socket address structure and then an EACCES
> from bind(2).

Bind(2) is returning -1 and setting errno to EACCES, but you didn't
check the return value from bind, so your program didn't notice.
Then, when you call listen(2), an ephemeral port is assigned to
your program so that it can listen.

> Also putting negative or high port numbers into this program
> never causes getaddrinfo to return an error.

I guess that's another issue - I assume it's taking them mod
65536.

	David.
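
The two points raised in this thread (the unchecked bind(2) return value, and port strings outside 1..65535 being accepted), as an added example that is not part of the original report or of FreeBSD's code. parse_port and open_listener are hypothetical helpers, and rejecting port 0 is an assumption of this example.

```c
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: accept only plain decimal 1..65535, else return -1. */
int parse_port(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '9')   /* no sign, space or empty string */
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 65535)
        return -1;                           /* junk suffix or out of range */
    return (int)v;
}

/* Hypothetical helper: listening fd on success, -1 with errno set on failure. */
int open_listener(const char *host, const char *port)
{
    struct addrinfo hints, *res;
    int sock, saved;
    if (parse_port(port) < 0) { errno = EINVAL; return -1; }
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0) { errno = EINVAL; return -1; }
    sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    /* Stop at the first failure so listen() never runs on an unbound socket. */
    if (sock >= 0 && (bind(sock, res->ai_addr, res->ai_addrlen) < 0 ||
                      listen(sock, 5) < 0)) {
        saved = errno; close(sock); errno = saved; sock = -1;
    }
    freeaddrinfo(res);
    return sock;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s addr port\n", argv[0]); return 2; }
    int fd = open_listener(argv[1], argv[2]);
    if (fd < 0) { perror("open_listener"); return 1; }
    return close(fd) == 0 ? 0 : 1;
}
```

When bind(2) fails, as it did for port 80 in the report, the caller gets -1 with errno preserved and no socket is left listening on an ephemeral port.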
Comment 2 Bruce Cran freebsd_committer freebsd_triage 2009-03-23 21:33:10 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-net

Over to maintainer(s).
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:01:09 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped