inet_pton: fix uninitialized memory use for IPv4-mapped IPv6 addresses

[musl] / src / network / inet_pton.c
diff --git a/src/network/inet_pton.c b/src/network/inet_pton.c

index 5affb08..bcbdd9e 100644 (file)
--- a/src/network/inet_pton.c
+++ b/src/network/inet_pton.c
@@ -1,7 +1,5 @@
  #include <sys/socket.h>
-#include <netdb.h>
  #include <arpa/inet.h>
-#include <stdlib.h>
  #include <ctype.h>
  #include <errno.h>
  #include <string.h>
@@ -14,59 +12,52 @@ static int hexval(unsigned c)
         return -1;
  }
  
-int inet_pton(int af, const char *s, void *a0)
+int inet_pton(int af, const char *restrict s, void *restrict a0)
  {
         uint16_t ip[8];
         unsigned char *a = a0;
-       const char *z;
-       unsigned long x;
         int i, j, v, d, brk=-1, need_v4=0;
  
-       /* Reimplement this because inet_pton cannot accept special v4 forms */
         if (af==AF_INET) {
-               for (i=0; i<4 && *s; i++) {
-                       a[i] = x = strtoul(s, (char **)&z, 10);
-                       if (!isdigit(*s) || z==s || (*z && *z != '.') || x>255)
-                               return 0;
-                       s=z+1;
+               for (i=0; i<4; i++) {
+                       for (v=j=0; j<3 && isdigit(s[j]); j++)
+                               v = 10*v + s[j]-'0';
+                       if (j==0 || (j>1 && s[0]=='0') || v>255) return 0;
+                       a[i] = v;
+                       if (s[j]==0 && i==3) return 1;
+                       if (s[j]!='.') return 0;
+                       s += j+1;
                 }
-               return 1;
+               return 0;
         } else if (af!=AF_INET6) {
                 errno = EAFNOSUPPORT;
                 return -1;
         }
  
-       if (s[0]==':' && s[1]==':') {
-               s+=2;
-               brk=0;
-       }
+       if (*s==':' && *++s!=':') return 0;
  
-       for (i=0; ; i++, s+=j+1) {
+       for (i=0; ; i++) {
                 if (s[0]==':' && brk<0) {
                         brk=i;
-                       j=0;
-                       ip[i]=0;
-                       if (!s[1]) break;
+                       ip[i&7]=0;
+                       if (!*++s) break;
+                       if (i==7) return 0;
                         continue;
                 }
-               if (hexval(s[0])<0) return -1;
-               while (s[0]=='0' && s[1]=='0') s++;
-               for (v=j=0; j<5 && (d=hexval(s[j]))>=0; j++)
+               for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
                         v=16*v+d;
-               if (v > 65535) return -1;
-               ip[i] = v;
-               if (!s[j]) {
-                       if (brk<0 && i!=7) return -1;
-                       break;
-               }
-               if (i<7) {
-                       if (s[j]==':') continue;
-                       if (s[j]!='.') return -1;
+               if (j==0) return 0;
+               ip[i&7] = v;
+               if (!s[j] && (brk>=0 || i==7)) break;
+               if (i==7) return 0;
+               if (s[j]!=':') {
+                       if (s[j]!='.' || (i<6 && brk<0)) return 0;
                         need_v4=1;
                         i++;
+                       ip[i&7]=0;
                         break;
                 }
-               return -1;
+               s += j+1;
         }
         if (brk>=0) {
                 memmove(ip+brk+7-i, ip+brk, 2*(i+1-brk));
@@ -76,6 +67,6 @@ int inet_pton(int af, const char *s, void *a0)
                 *a++ = ip[j]>>8;
                 *a++ = ip[j];
         }
-       if (need_v4 &&inet_pton(AF_INET, (void *)s, a-4) <= 0) return -1;
+       if (need_v4 && inet_pton(AF_INET, (void *)s, a-4) <= 0) return 0;
         return 1;
  }