Re: [PATCH][BZ #15374] Make getent services compliant with RFC 6335 section 5.1

[OndÅej BÃlka <neleai at seznam dot cz>]

On Thu, Oct 31, 2013 at 02:35:51PM +0100, Florian Weimer wrote:
> On 10/31/2013 02:32 PM, OndÅej BÃlka wrote:
> >On Thu, Oct 31, 2013 at 02:09:54PM +0100, Florian Weimer wrote:
> >>On 10/20/2013 08:07 PM, OndÅej BÃlka wrote:
> >>>+      char *endptr;
> >>>+      long port = strtol (key[i], &endptr, 0);
> >>>+
> >>>+      if (*endptr == '\0')
> >>>+	serv = getservbyport (htons (port), proto);
> >>
> >>This accepts leading "-" and "0x", which is not compliant with RFC
> >>6335, either.
> >>
> >There should be strtol (_, _, 10) in case when  somebody names their
> >service as 0x0.
> 
> Yes, and a check for overflow and values outside the defined range
> (0 to 65535, I think, although 0 is questionable).
> 
> >In bugzilla a reason for this change was:
> >
> >Checking IANA, there are currently 28 service names registered that
> >begin with a digit, for example 3com-tsmux and 3gpp-cbsp.
> 
> Oh well.  Then I think fixing libc won't hurt.
> 
> -- 
> Florian Weimer / Red Hat Product Security Team

-- 

Here is new version. Overflows are handled by strtol returning LONG_MAX.

	[BZ #15374]
	* nss/getent.c: Recognize services starting with digit.

diff --git a/nss/getent.c b/nss/getent.c
index 8a3c864..755e613 100644
--- a/nss/getent.c
+++ b/nss/getent.c
@@ -788,8 +788,14 @@ services_keys (int number, char *key[])
       if (proto != NULL)
 	*proto++ = '\0';
 
-      if (isdigit (key[i][0]))
-	serv = getservbyport (htons (atol (key[i])), proto);
+      char *endptr;
+      long port = strtol (key[i], &endptr, 10);
+
+      if (*endptr == '\0')
+	{
+	  if (0 <= port && port <= 65535)
+	    serv = getservbyport (htons (port), proto);
+	}
       else
 	serv = getservbyname (key[i], proto);