This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][BZ #15374] Make getent services compliant with RFC 6335 section 5.1
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 31 Oct 2013 16:01:44 +0100
- Subject: Re: [PATCH][BZ #15374] Make getent services compliant with RFC 6335 section 5.1
- Authentication-results: sourceware.org; auth=none
- References: <20131020180745 dot GA18200 at domone dot podge> <527256A2 dot 40902 at redhat dot com> <20131031133244 dot GA19495 at domone dot podge> <52725CB7 dot 30300 at redhat dot com>
On Thu, Oct 31, 2013 at 02:35:51PM +0100, Florian Weimer wrote:
> On 10/31/2013 02:32 PM, OndÅej BÃlka wrote:
> >On Thu, Oct 31, 2013 at 02:09:54PM +0100, Florian Weimer wrote:
> >>On 10/20/2013 08:07 PM, OndÅej BÃlka wrote:
> >>>+ char *endptr;
> >>>+ long port = strtol (key[i], &endptr, 0);
> >>>+
> >>>+ if (*endptr == '\0')
> >>>+ serv = getservbyport (htons (port), proto);
> >>
> >>This accepts leading "-" and "0x", which is not compliant with RFC
> >>6335, either.
> >>
> >There should be strtol (_, _, 10) in case when somebody names their
> >service as 0x0.
>
> Yes, and a check for overflow and values outside the defined range
> (0 to 65535, I think, although 0 is questionable).
>
> >In bugzilla a reason for this change was:
> >
> >Checking IANA, there are currently 28 service names registered that
> >begin with a digit, for example 3com-tsmux and 3gpp-cbsp.
>
> Oh well. Then I think fixing libc won't hurt.
>
> --
> Florian Weimer / Red Hat Product Security Team
--
Here is new version. Overflows are handled by strtol returning LONG_MAX.
[BZ #15374]
* nss/getent.c: Recognize services starting with digit.
diff --git a/nss/getent.c b/nss/getent.c
index 8a3c864..755e613 100644
--- a/nss/getent.c
+++ b/nss/getent.c
@@ -788,8 +788,14 @@ services_keys (int number, char *key[])
if (proto != NULL)
*proto++ = '\0';
- if (isdigit (key[i][0]))
- serv = getservbyport (htons (atol (key[i])), proto);
+ char *endptr;
+ long port = strtol (key[i], &endptr, 10);
+
+ if (*endptr == '\0')
+ {
+ if (0 <= port && port <= 65535)
+ serv = getservbyport (htons (port), proto);
+ }
else
serv = getservbyname (key[i], proto);