Use inet_aton() instead of inet_addr() as it allows us to distinguish

between the address (or mask 255.255.255.255) and an error. In the future we may consider switching to inet_pton() for IPv4 too.
2014-01-26 13:23:09 -07:00
parent 7e008eb677
commit aaecd326e4
4 changed files with 54 additions and 64 deletions
--- a/54
+++ b/54
@@ -18498,33 +18498,28 @@ $as_echo "no" >&6; }

 fi

-ac_fn_c_check_func "$LINENO" "inet_addr" "ac_cv_func_inet_addr"
-if test "x$ac_cv_func_inet_addr" = xyes; then :
+ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton"
+if test "x$ac_cv_func_inet_aton" = xyes; then :

 else

-    ac_fn_c_check_func "$LINENO" "__inet_addr" "ac_cv_func___inet_addr"
-if test "x$ac_cv_func___inet_addr" = xyes; then :
-
-else
-
-	for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
-	    _libs=
-	    for lib in $libs; do
-		case "$NET_LIBS" in
-		    *"$lib"*)   ;;
-		    *)		_libs="$_libs $lib";;
-		esac
-	    done
-	    libs="${_libs# }"
-	    test -z "$libs" && continue
-	    lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
-	    extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`"
+    for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
+	_libs=
+	for lib in $libs; do
+	    case "$NET_LIBS" in
+		*"$lib"*)   ;;
+		*)		_libs="$_libs $lib";;
+	    esac
+	done
+	libs="${_libs# }"
+	test -z "$libs" && continue
+	lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
+	extralibs="`echo \"$libs\"|sed 's/^-l[^ ]*//'`"

    _sudo_check_lib_extras=`echo "$extralibs"|sed -e 's/ 	*//g' -e 's/-l/_/g'`
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -l$lib${5+ }$extralibs" >&5
-$as_echo_n "checking for inet_addr in -l$lib${5+ }$extralibs... " >&6; }
-    if { as_var=sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then :
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_aton in -l$lib${5+ }$extralibs" >&5
+$as_echo_n "checking for inet_aton in -l$lib${5+ }$extralibs... " >&6; }
+    if { as_var=sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras; eval \${$as_var+:} false; }; then :
  $as_echo_n "(cached) " >&6
 else

@@ -18539,19 +18534,19 @@ else
 #ifdef __cplusplus
 extern "C"
 #endif
-char inet_addr ();
+char inet_aton ();
 int
 main ()
 {
-return inet_addr ();
+return inet_aton ();
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
-  eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=yes
+  eval sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras=yes
 else
-  eval sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras=no
+  eval sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras=no

 fi
 rm -f core conftest.err conftest.$ac_objext \
@@ -18560,7 +18555,7 @@ rm -f core conftest.err conftest.$ac_objext \

 fi

-    if eval test \$sudo_cv_lib_$lib''_inet_addr$_sudo_check_lib_extras = "yes"; then
+    if eval test \$sudo_cv_lib_$lib''_inet_aton$_sudo_check_lib_extras = "yes"; then
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
 	NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break
@@ -18570,10 +18565,7 @@ $as_echo "no" >&6; }

    fi

-	done
-
-fi
-
+    done

 fi

--- a/configure.ac
+++ b/configure.ac
@@ -2502,26 +2502,24 @@ AC_CHECK_FUNC(socket, [], [
    done
 ])
 dnl
-dnl If inet_addr(3) not in libc, check -lnsl and -linet
+dnl If inet_aton(3) not in libc, check -lnsl and -linet
 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
 dnl
-AC_CHECK_FUNC(inet_addr, [], [
-    AC_CHECK_FUNC(__inet_addr, [], [
-	for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
-	    _libs=
-	    for lib in $libs; do
-		case "$NET_LIBS" in
-		    *"$lib"*)   ;;
-		    *)		_libs="$_libs $lib";;
-		esac
-	    done
-	    libs="${_libs# }"
-	    test -z "$libs" && continue
-	    lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
-	    extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
-	    SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
+AC_CHECK_FUNC(inet_aton, [], [
+    for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
+	_libs=
+	for lib in $libs; do
+	    case "$NET_LIBS" in
+		*"$lib"*)   ;;
+		*)		_libs="$_libs $lib";;
+	    esac
 	done
-    ])
+	libs="${_libs# }"
+	test -z "$libs" && continue
+	lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
+	extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
+	SUDO_CHECK_LIB($lib, inet_aton, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
+    done
 ])
 dnl
 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
--- a/plugins/sudoers/interfaces.c
+++ b/plugins/sudoers/interfaces.c
@@ -87,10 +87,8 @@ set_interfaces(const char *ai)
 	} else {
 	    /* IPv4 */
 	    ifp->family = AF_INET;
-	    ifp->addr.ip4.s_addr = inet_addr(addr);
-	    ifp->netmask.ip4.s_addr = inet_addr(mask);
-	    if (ifp->addr.ip4.s_addr == INADDR_NONE ||
-		ifp->netmask.ip4.s_addr == INADDR_NONE) {
+	    if (inet_aton(addr, &ifp->addr.ip4) != 1 ||
+		inet_aton(mask, &ifp->netmask.ip4) != 1) {
 		efree(ifp);
 		continue;
 	    }
--- a/plugins/sudoers/match_addr.c
+++ b/plugins/sudoers/match_addr.c
@@ -61,15 +61,14 @@ addr_matches_if(const char *n)
    debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)

 #ifdef HAVE_STRUCT_IN6_ADDR
-    if (inet_pton(AF_INET6, n, &addr.ip6) > 0) {
+    if (inet_pton(AF_INET6, n, &addr.ip6) == 1) {
 	family = AF_INET6;
    } else
 #endif /* HAVE_STRUCT_IN6_ADDR */
-    {
-	addr.ip4.s_addr = inet_addr(n);
-	if (addr.ip4.s_addr == INADDR_NONE)
-	    debug_return_bool(false);
+    if (inet_aton(n, &addr.ip4) == 1) {
 	family = AF_INET;
+    } else {
+	debug_return_bool(false);
    }

    SLIST_FOREACH(ifp, get_interfaces(), entries) {
@@ -115,20 +114,23 @@ addr_matches_if_netmask(const char *n, const char *m)
    debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)

 #ifdef HAVE_STRUCT_IN6_ADDR
-    if (inet_pton(AF_INET6, n, &addr.ip6) > 0)
+    if (inet_pton(AF_INET6, n, &addr.ip6) == 1)
 	family = AF_INET6;
    else
 #endif /* HAVE_STRUCT_IN6_ADDR */
-    {
-	addr.ip4.s_addr = inet_addr(n);
-	if (addr.ip4.s_addr == INADDR_NONE)
-	    debug_return_bool(false);
+    if (inet_aton(n, &addr.ip4) == 1) {
 	family = AF_INET;
+    } else {
+	debug_return_bool(false);
    }

    if (family == AF_INET) {
 	if (strchr(m, '.')) {
-	    mask.ip4.s_addr = inet_addr(m);
+	    if (inet_aton(m, &mask.ip4) != 1) {
+		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+		    "IPv4 netmask %s: %s", m, "invalid value");
+		debug_return_bool(false);
+	    }
 	} else {
 	    i = strtonum(m, 0, 32, &errstr);
 	    if (errstr != NULL) {
@@ -148,7 +150,7 @@ addr_matches_if_netmask(const char *n, const char *m)
    }
 #ifdef HAVE_STRUCT_IN6_ADDR
    else {
-	if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) {
+	if (inet_pton(AF_INET6, m, &mask.ip6) != 1) {
 	    j = strtonum(m, 0, 128, &errstr);
 	    if (errstr != NULL) {
 		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,