cellconfig: check for invalid dotted quads

IP addresses entered into the CellServDB with components larger
than 255 would silently be trucated down to 8-bit unsigned integer
representations.  This could cause confusing behavior with
occasional hangs.

FIXES 131794

Reviewed-on: http://gerrit.openafs.org/12109
Reviewed-by: Chas Williams <3chas3@gmail.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 97150150e6d12cbbc0c4a5af3424c9bf1e56918c)

Change-Id: I4e628ab7e12e33b23cc513a268879de115ddec2e
Reviewed-on: https://gerrit.openafs.org/12210
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/auth/cellconfig.c b/src/auth/cellconfig.c
index 06cbada8d9699b444781d85c25746068f83f07cd..ec95251faa1a71d9a449a2c685eeb68905f5d655 100644 (file)
--- a/src/auth/cellconfig.c
+++ b/src/auth/cellconfig.c
@@ -870,7 +870,8 @@ static int
 ParseHostLine(char *aline, struct sockaddr_in *addr, char *aname,
              char *aclone)
 {
-    int c1, c2, c3, c4;
+    int i;
+    int c[4];
     afs_int32 code;
     char *tp;
 
@@ -878,25 +879,34 @@ ParseHostLine(char *aline, struct sockaddr_in *addr, char *aname,
        if (aclone)
            *aclone = 1;
        /* FIXME: length of aname unknown here */
-       code = sscanf(aline, "[%d.%d.%d.%d] #%s", &c1, &c2, &c3, &c4, aname);
+       code = sscanf(aline, "[%d.%d.%d.%d] #%s", &c[0], &c[1], &c[2], &c[3],
+                     aname);
     } else {
        if (aclone)
            *aclone = 0;
        /* FIXME: length of aname unknown here */
-       code = sscanf(aline, "%d.%d.%d.%d #%s", &c1, &c2, &c3, &c4, aname);
+       code = sscanf(aline, "%d.%d.%d.%d #%s", &c[0], &c[1], &c[2], &c[3],
+                     aname);
     }
     if (code != 5)
        return AFSCONF_SYNTAX;
+    for(i = 0; i < 4; ++i) {
+       if (c[i] < 0 || c[i] > 255) {
+           fprintf(stderr, "Illegal IP address %d.%d.%d.%d\n", c[0], c[1],
+                   c[2], c[3]);
+           return AFSCONF_SYNTAX;
+       }
+    }
     addr->sin_family = AF_INET;
     addr->sin_port = 0;
 #ifdef STRUCT_SOCKADDR_HAS_SA_LEN
     addr->sin_len = sizeof(struct sockaddr_in);
 #endif
     tp = (char *)&addr->sin_addr;
-    *tp++ = c1;
-    *tp++ = c2;
-    *tp++ = c3;
-    *tp++ = c4;
+    *tp++ = c[0];
+    *tp++ = c[1];
+    *tp++ = c[2];
+    *tp++ = c[3];
     return 0;
 }