From 6521e5f8466e3f0d176870632e9bcf439e2fcd92 Mon Sep 17 00:00:00 2001 From: Enji Cooper Date: Sat, 24 Dec 2016 11:41:16 +0000 Subject: [PATCH] Be more strict about IpAddress type in snmp_value_parse(..) - Use inet_pton with AF_INET instead of doing longhand with sscanf. - Use gethostbyname2 with AF_INET to ensure that the hostname isn't accidentally parsed with another address family, e.g. AF_INET6. NB: IpAddress per RFC-2578 is IPv4 only. Work is in progress to add the InetAddress type and friends documented in RFC-4001 and elsewhere (which supports IPv4, IPv6, and more). MFC after: 2 weeks --- contrib/bsnmp/lib/snmp.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/contrib/bsnmp/lib/snmp.c b/contrib/bsnmp/lib/snmp.c index b8ff7fd3096d..1c375620c144 100644 --- a/contrib/bsnmp/lib/snmp.c +++ b/contrib/bsnmp/lib/snmp.c @@ -51,6 +51,8 @@ #elif defined(HAVE_INTTYPES_H) #include #endif +#include +#include #include "asn1.h" #include "snmp.h" @@ -1384,29 +1386,16 @@ snmp_value_parse(const char *str, enum snmp_syntax syntax, union snmp_values *v) case SNMP_SYNTAX_IPADDRESS: { struct hostent *he; - u_long ip[4]; - int n; - if (sscanf(str, "%lu.%lu.%lu.%lu%n", &ip[0], &ip[1], &ip[2], - &ip[3], &n) == 4 && (size_t)n == strlen(str) && - ip[0] <= 0xff && ip[1] <= 0xff && - ip[2] <= 0xff && ip[3] <= 0xff) { - v->ipaddress[0] = (u_char)ip[0]; - v->ipaddress[1] = (u_char)ip[1]; - v->ipaddress[2] = (u_char)ip[2]; - v->ipaddress[3] = (u_char)ip[3]; + if (inet_pton(AF_INET, str, &v->ipaddress) == 1) return (0); - } - - if ((he = gethostbyname(str)) == NULL) + if ((he = gethostbyname2(str, AF_INET)) == NULL) return (-1); if (he->h_addrtype != AF_INET) return (-1); - v->ipaddress[0] = he->h_addr[0]; - v->ipaddress[1] = he->h_addr[1]; - v->ipaddress[2] = he->h_addr[2]; - v->ipaddress[3] = he->h_addr[3]; + memcpy(v->ipaddress, he->h_addr, sizeof(v->ipaddress)); + return (0); }