This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][BZ #15374] Make getent services compliant with RFC 6335 section 5.1

On 10/31/2013 02:32 PM, OndÅej BÃlka wrote:

On Thu, Oct 31, 2013 at 02:09:54PM +0100, Florian Weimer wrote:

On 10/20/2013 08:07 PM, OndÅej BÃlka wrote:

+      char *endptr;
+      long port = strtol (key[i], &endptr, 0);
+
+      if (*endptr == '\0')
+	serv = getservbyport (htons (port), proto);


This accepts leading "-" and "0x", which is not compliant with RFC
6335, either.


There should be strtol (_, _, 10) in case when  somebody names their
service as 0x0.
Yes, and a check for overflow and values outside the defined range (0 to 65535, I think, although 0 is questionable). 


In bugzilla a reason for this change was:

Checking IANA, there are currently 28 service names registered that
begin with a digit, for example 3com-tsmux and 3gpp-cbsp.


Oh well.  Then I think fixing libc won't hurt.

--
Florian Weimer / Red Hat Product Security Team
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]