From: Todd C. Miller Date: Sun, 26 Jan 2014 20:23:09 +0000 (-0700) Subject: Use inet_aton() instead of inet_addr() as it allows us to distinguish X-Git-Tag: SUDO_1_8_10^2~85 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aaecd326e48d0a747b41efc9bb711611b3ab38e6;p=sudo Use inet_aton() instead of inet_addr() as it allows us to distinguish between the address (or mask 255.255.255.255) and an error. In the future we may consider switching to inet_pton() for IPv4 too. --- diff --git a/configure b/configure index 4feb17272..ba055031b 100755 --- a/configure +++ b/configure 
@@ -18498,33 +18498,28 @@ $as_echo "no" >&6; } fi -ac_fn_c_check_func "$LINENO" "inet_addr" "ac_cv_func_inet_addr" -if test "x$ac_cv_func_inet_addr" = xyes; then : +ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton" +if test "x$ac_cv_func_inet_aton" = xyes; then : else - ac_fn_c_check_func "$LINENO" "__inet_addr" "ac_cv_func___inet_addr" -if test "x$ac_cv_func___inet_addr" = xyes; then : - -else - - for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do - _libs= - for lib in $libs; do - case "$NET_LIBS" in - *"$lib"*) ;; - *) _libs="$_libs $lib";; - esac - done - libs="${_libs# }" - test -z "$libs" && continue - lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" - extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`" _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ *//g' -e 's/-l/_/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -l$lib${5+ }$extralibs" >&5 -$as_echo_n "checking for inet_addr in -l$lib${5+ }$extralibs... " >&6; } - if { as_var=sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_aton in -l$lib${5+ }$extralibs" >&5 +$as_echo_n "checking for inet_aton in -l$lib${5+ }$extralibs... " >&6; } + if { as_var=sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then : $as_echo_n "(cached) " >&6 else 
@@ -18539,19 +18534,19 @@ else #ifdef __cplusplus extern "C" #endif -char inet_addr (); +char inet_aton (); int main () { -return inet_addr (); +return inet_aton (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=yes + eval sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras=yes else - eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=no + eval sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras=no fi rm -f core conftest.err conftest.$ac_objext \ @@ -18560,7 +18555,7 @@ rm -f core conftest.err conftest.$ac_objext \ fi - if eval test \$sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras = "yes"; then + if eval test \$sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break @@ -18570,10 +18565,7 @@ $as_echo "no" >&6; } fi - done - -fi - + done fi diff --git a/configure.ac b/configure.ac index 55743f071..4d74aae85 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2502,26 +2502,24 @@ AC_CHECK_FUNC(socket, [], [ done ]) dnl -dnl If inet_addr(3) not in libc, check -lnsl and -linet +dnl If inet_aton(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl -AC_CHECK_FUNC(inet_addr, [], [ - AC_CHECK_FUNC(__inet_addr, [], [ - for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do - _libs= - for lib in $libs; do - case "$NET_LIBS" in - *"$lib"*) ;; - *) _libs="$_libs $lib";; - esac - done - libs="${_libs# }" - test -z "$libs" && continue - lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" - extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" - SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) +AC_CHECK_FUNC(inet_aton, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac done - ]) + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, inet_aton, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done ]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet diff --git a/plugins/sudoers/interfaces.c b/plugins/sudoers/interfaces.c index baf31d3c8..e3f23de56 100644 --- a/plugins/sudoers/interfaces.c +++ b/plugins/sudoers/interfaces.c @@ -87,10 +87,8 @@ set_interfaces(const char *ai) } else { /* IPv4 */ ifp->family = AF_INET; - ifp->addr.ip4.s_addr = inet_addr(addr); - ifp->netmask.ip4.s_addr = inet_addr(mask); - if (ifp->addr.ip4.s_addr == INADDR_NONE || - ifp->netmask.ip4.s_addr == INADDR_NONE) { + if (inet_aton(addr, &ifp->addr.ip4) != 1 || + inet_aton(mask, &ifp->netmask.ip4) != 1) { efree(ifp); continue; } diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c index dd92a78ed..e2d4347f3 100644 
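Review bot: When inet_aton is found neither in libc nor in any of the three library sets, the loop inside this `AC_CHECK_FUNC(inet_aton, [], [...])` fallback simply ends and configure carries on. The C changes in this commit call inet_aton() unconditionally, so the failure would surface only at link time. The removed `__inet_addr` probe also has no `__inet_aton` counterpart, which may matter on resolver libraries that export only the underscored name (not verifiable from this hunk). Consider failing early with `AC_MSG_ERROR([inet_aton not found])` after the loop, or supplying a replacement through `AC_LIBOBJ(inet_aton)` if the tree carries one.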
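Review bot: A parse failure in the new `inet_aton()` check in set_interfaces() discards the entry with `efree(ifp); continue;` and leaves no trace. A malformed address or mask therefore silently shortens the interface list that host-address rules are presumably matched against later. match_addr.c in this same commit logs its invalid-netmask case, and the same would help here, e.g. `sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "IPv4 address %s or netmask %s: %s", addr, mask, "invalid value");` before the `efree(ifp)`, assuming the debug macros are in scope in this file. set_interfaces() starts and ends outside the hunk, so how callers cope with a partial list is not visible.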
--- a/plugins/sudoers/match_addr.c +++ b/plugins/sudoers/match_addr.c @@ -61,15 +61,14 @@ addr_matches_if(const char *n) debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) #ifdef HAVE_STRUCT_IN6_ADDR - if (inet_pton(AF_INET6, n, &addr.ip6) > 0) { + if (inet_pton(AF_INET6, n, &addr.ip6) == 1) { family = AF_INET6; } else #endif /* HAVE_STRUCT_IN6_ADDR */ - { - addr.ip4.s_addr = inet_addr(n); - if (addr.ip4.s_addr == INADDR_NONE) - debug_return_bool(false); + if (inet_aton(n, &addr.ip4) == 1) { family = AF_INET; + } else { + debug_return_bool(false); } SLIST_FOREACH(ifp, get_interfaces(), entries) { @@ -115,20 +114,23 @@ addr_matches_if_netmask(const char *n, const char *m) debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) #ifdef HAVE_STRUCT_IN6_ADDR - if (inet_pton(AF_INET6, n, &addr.ip6) > 0) + if (inet_pton(AF_INET6, n, &addr.ip6) == 1) family = AF_INET6; else #endif /* HAVE_STRUCT_IN6_ADDR */ - { - addr.ip4.s_addr = inet_addr(n); - if (addr.ip4.s_addr == INADDR_NONE) - debug_return_bool(false); + if (inet_aton(n, &addr.ip4) == 1) { family = AF_INET; + } else { + debug_return_bool(false); } if (family == AF_INET) { if (strchr(m, '.')) { - mask.ip4.s_addr = inet_addr(m); + if (inet_aton(m, &mask.ip4) != 1) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "IPv4 netmask %s: %s", m, "invalid value"); + debug_return_bool(false); + } } else { i = strtonum(m, 0, 32, &errstr); if (errstr != NULL) { @@ -148,7 +150,7 @@ addr_matches_if_netmask(const char *n, const char *m) } #ifdef HAVE_STRUCT_IN6_ADDR else { - if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) { + if (inet_pton(AF_INET6, m, &mask.ip6) != 1) { j = strtonum(m, 0, 128, &errstr); if (errstr != NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
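Review bot: `inet_aton(n, &addr.ip4) == 1` in addr_matches_if() still accepts more than dotted-decimal quads. One- to three-part forms and hex or octal components are all valid to inet_aton(), and some libc implementations also tolerate trailing text after whitespace, so an entry such as `010.0.0.1` (constructed example) is matched as 8.0.0.1 rather than rejected. If `n` comes from the policy file, which the hunk does not show, strict parsing is the safer default: `if (inet_pton(AF_INET, n, &addr.ip4) == 1) {`, provided inet_pton() is usable outside the `HAVE_STRUCT_IN6_ADDR` guard. The same applies to the `inet_aton(n, ...)` and `inet_aton(m, ...)` calls in addr_matches_if_netmask() and to the two calls in set_interfaces() in interfaces.c. addr_matches_if() continues outside the hunk.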
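Review bot: The context line `debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)` sits in addr_matches_if_netmask(), so debug traces for this function, including the path to the new invalid-netmask message, are presumably attributed to addr_matches_if. It should read `debug_decl(addr_matches_if_netmask, SUDO_DEBUG_MATCH)`. Separately, the new `inet_aton(m, &mask.ip4) != 1` check accepts any parseable dotted quad as a mask, including non-contiguous ones such as `255.0.255.0`. If that is intended, a comment above the call would say so, e.g. `/* Any dotted-quad mask is accepted, contiguous or not. */`. The function body ends outside the hunk.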