nwrap: Better check service string sanity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11501 Patch use strtol() instead of atoi() to convert strings to numbers. This helps better check sanity of service input string. Signed-off-by: Robin Hack <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> Reviewed-by: Michael Adam <[email protected]>
kristjanvalur · Jan 11, 2016 · 72764a6 · 72764a6
1 parent 200f5bf
commit 72764a6
Showing 1 changed file with 28 additions and 19 deletions.
diff --git a/lib/nss_wrapper/nss_wrapper.c b/lib/nss_wrapper/nss_wrapper.c
@@ -5077,33 +5077,42 @@ static int nwrap_getaddrinfo(const char *node,
 	}
 
 	if (service != NULL && service[0] != '\0') {
-		if (isdigit((int)service[0])) {
-			port = (unsigned short)atoi(service);
-		} else {
-			const char *proto = NULL;
-			struct servent *s;
+		const char *proto = NULL;
+		struct servent *s;
+		char *end_ptr;
+		long sl;
 
-			if (hints->ai_protocol != 0) {
-				struct protoent *pent;
+		errno = 0;
+		sl = strtol(service, &end_ptr, 10);
 
-				pent = getprotobynumber(hints->ai_protocol);
-				if (pent != NULL) {
-					proto = pent->p_name;
-				}
+		if (*end_ptr == '\0' || end_ptr != service) {
+			port = sl;
+			goto valid_port;
+		} else if (hints->ai_flags & AI_NUMERICSERV) {
+			return EAI_SERVICE;
+		}
+
+		if (hints->ai_protocol != 0) {
+			struct protoent *pent;
+
+			pent = getprotobynumber(hints->ai_protocol);
+			if (pent != NULL) {
+				proto = pent->p_name;
 			}
+		}
 
-			s = getservbyname(service, proto);
-			if (s != NULL) {
-				port = ntohs(s->s_port);
-			} else {
-				if (p != NULL) {
-					freeaddrinfo(p);
-				}
-				return EAI_SERVICE;
+		s = getservbyname(service, proto);
+		if (s != NULL) {
+			port = ntohs(s->s_port);
+		} else {
+			if (p != NULL) {
+				freeaddrinfo(p);
 			}
+			return EAI_SERVICE;
 		}
 	}
 
+valid_port:
 	rc = 0;
 	if (hints->ai_family == AF_UNSPEC || hints->ai_family == AF_INET) {
 		rc = inet_pton(AF_INET, node, &addr.in.v4);