From 6a3cb6b1bd63e167fc525cce07010ff78197b271 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Wed, 12 Feb 2025 19:46:06 +0100 Subject: nss: Improve network number parsers (bz 32573, 32575) Make sure that numbers never overflow uint32_t in inet_network to properly validate octets encountered in IPv4 addresses. Avoid malloca in NSS networks file code because /etc/networks lines can be arbitrarily long. Instead of handcrafting the input for inet_network by adding ".0" octets if they are missing, just left shift the result. Also, do not accept invalid entries, but ignore the line instead. Reviewed-by: Adhemerval Zanella Signed-off-by: Tobias Stoeckmann
---
inet/inet_net.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'inet')
diff --git a/inet/inet_net.c b/inet/inet_net.c
index 50b526705d..13a818176d 100644
--- a/inet/inet_net.c
+++ b/inet/inet_net.c
@@ -69,6 +69,8 @@ again:
 if (*cp == 'x' || *cp == 'X')
 digit = 0, base = 16, cp++;
 while ((c = *cp) != 0) {
+ if (val > 0xff)
+ return (INADDR_NONE);
 if (isdigit(c)) {
 if (base == 8 && (c == '8' || c == '9'))
 return (INADDR_NONE);
-- cgit v1.2.3
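Review bot: The new `if (val > 0xff)` guard at the top of the `while` loop has no comment, and its placement is easy to misread. It tests the value accumulated so far, before the next digit is folded in, so it keeps the accumulation from wrapping uint32_t rather than validating the finished octet. A value that first exceeds 0xff on its final digit leaves the loop without passing this line again, so it presumably relies on a range check after the loop; that code is outside the hunk and worth confirming. I would add `/* Bail out before another digit is accumulated so val cannot wrap uint32_t; the finished octet is range-checked after the loop. */` above the guard. The loop body and the rest of the function continue outside the hunk.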