Featured content is also available via:

gio: don't accept nonstandard IPv4 "numbers-and-dots" addresses

Desktop / GNOME / GLib - Dan Winship [gnome.org] - 15 February 2014 09:22 UTC

In addition to the standard "192.168.1.1" format, there are numerous legacy IPv4 address formats (such as "192.168.257", "0xc0.0xa8.0x01.0x01", "0300.0250.0001.0001", "3232235777", and "0xc0a80101"). However, none of these forms are ever used any more except in phishing attempts. GLib wasn't supposed to be accepting these addresses (neither g_hostname_is_ip_address() nor g_inet_address_new_from_string() recognizes them), but getaddrinfo() accepts them, and so the parts of gio that use getaddrinfo() accidentally did accept those formats.

Fix GNetworkAddress and GResolver to reject these address formats.

https://bugzilla.gnome.org/show_bug.cgi?id=679957

5575a3e gio: don't accept nonstandard IPv4 "numbers-and-dots" addresses
docs/reference/gio/gio-sections.txt | 1 +
gio/ginetsocketaddress.c | 74 ++++++++++++++++++++++
gio/ginetsocketaddress.h | 17 ++---
gio/gnetworkaddress.c | 28 +++------
gio/gresolver.c | 55 ++++++++++++++---
gio/gthreadedresolver.c | 2 +-
gio/tests/network-address.c | 116 +++++++++++++++++++++++++++++++++++
7 files changed, 256 insertions(+), 37 deletions(-)

Upstream: git.gnome.org