Postgres Pro
Downloads
Home   >   mailing lists

Thread: BUG #14198: IPv6 address validation broken

BUG #14198: IPv6 address validation broken

From
stefan@kaltenbrunner.cc
Date:
VGhlIGZvbGxvd2luZyBidWcgaGFzIGJlZW4gbG9nZ2VkIG9uIHRoZSB3ZWJz
aXRlOgoKQnVnIHJlZmVyZW5jZTogICAgICAxNDE5OApMb2dnZWQgYnk6ICAg
ICAgICAgIFN0ZWZhbiBLYWx0ZW5icnVubmVyCkVtYWlsIGFkZHJlc3M6ICAg
ICAgc3RlZmFuQGthbHRlbmJydW5uZXIuY2MKUG9zdGdyZVNRTCB2ZXJzaW9u
OiA5LjUuMwpPcGVyYXRpbmcgc3lzdGVtOiAgIERlYmlhbiBMaW51eApEZXNj
cmlwdGlvbjogICAgICAgIAoKSGkgYWxsIQ0KDQoNCklQdjYgYWRkcmVzcyB2
YWxpZGF0aW9uIHNlZW1zIHRvIGJlIGEgInRhZCIgYnJva2VuIGluIGFsbCBj
dXJyZW50CnJlbGVhc2VzOg0KDQoNCm1hc3Rlcm1pbmQ9IyBzZWxlY3QgJzk5
Ojk5Ojk5Ojk5Ojo5OTo5OTo5OTo5OTo5OTp6eic6OmluZXQ7DQppbmV0DQo6
Oi8wDQooMSByb3cpDQptYXN0ZXJtaW5kPSMgc2VsZWN0ICc5OTo5OTo5OTo5
OTo6OTk6OTk6OTk6OTk6YWE6Ojk5Jzo6aW5ldDsNCmluZXQNCjo6LzANCigx
IHJvdykNCm1hc3Rlcm1pbmQ9IyBzZWxlY3QgJzk5Ojk5Ojk5Ojk5Ojo5OTo5
OTo5OTo5OTo5OTo6OTknOjppbmV0Ow0KaW5ldA0KOjovMA0KKDEgcm93KQoK

Re: BUG #14198: IPv6 address validation broken

From
Tom Lane
Date:
stefan@kaltenbrunner.cc writes:
> IPv6 address validation seems to be a "tad" broken in all current
> releases:

Hmm, looks like we need this at inet_net_pton.c:499:

            else if (*src == '\0')
                goto enoent;
            if (tp + NS_INT16SZ > endp)
-                return (0);
+                goto enoent;
            *tp++ = (u_char) (val >> 8) & 0xff;
            *tp++ = (u_char) val & 0xff;
            saw_xdigit = 0;

A bit of googling suggests that this is equally broken in assorted
BSD distributions, which is likely where we got the code from
originally.  I wonder who we can report it to?

            regards, tom lane

Re: BUG #14198: IPv6 address validation broken

From
Torsten Zuehlsdorff
Date:
On 16.06.2016 23:05, Tom Lane wrote:
> stefan@kaltenbrunner.cc writes:
>> IPv6 address validation seems to be a "tad" broken in all current
>> releases:
>
> Hmm, looks like we need this at inet_net_pton.c:499:
>
>             else if (*src == '\0')
>                 goto enoent;
>             if (tp + NS_INT16SZ > endp)
> -                return (0);
> +                goto enoent;
>             *tp++ = (u_char) (val >> 8) & 0xff;
>             *tp++ = (u_char) val & 0xff;
>             saw_xdigit = 0;
>
> A bit of googling suggests that this is equally broken in assorted
> BSD distributions, which is likely where we got the code from
> originally.  I wonder who we can report it to?

For FreeBSD there is a bugtracker:
https://bugs.freebsd.org/bugzilla/enter_bug.cgi

If you are unsure what to fill in, i can do this for you.

Greetings,
Torsten