Use inet_aton() instead of inet_addr() as it allows us to distinguish

between the address (or mask 255.255.255.255) and an error. In the future we may consider switching to inet_pton() for IPv4 too.
2014-01-26 13:23:09 -07:00
parent 7e008eb677
commit aaecd326e4
4 changed files with 54 additions and 64 deletions
--- a/plugins/sudoers/interfaces.c
+++ b/plugins/sudoers/interfaces.c
@@ -87,10 +87,8 @@ set_interfaces(const char *ai)
 	} else {
 	    /* IPv4 */
 	    ifp->family = AF_INET;
-	    ifp->addr.ip4.s_addr = inet_addr(addr);
-	    ifp->netmask.ip4.s_addr = inet_addr(mask);
-	    if (ifp->addr.ip4.s_addr == INADDR_NONE ||
-		ifp->netmask.ip4.s_addr == INADDR_NONE) {
+	    if (inet_aton(addr, &ifp->addr.ip4) != 1 ||
+		inet_aton(mask, &ifp->netmask.ip4) != 1) {
 		efree(ifp);
 		continue;
 	    }
--- a/plugins/sudoers/match_addr.c
+++ b/plugins/sudoers/match_addr.c
@@ -61,15 +61,14 @@ addr_matches_if(const char *n)
    debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)

 #ifdef HAVE_STRUCT_IN6_ADDR
-    if (inet_pton(AF_INET6, n, &addr.ip6) > 0) {
+    if (inet_pton(AF_INET6, n, &addr.ip6) == 1) {
 	family = AF_INET6;
    } else
 #endif /* HAVE_STRUCT_IN6_ADDR */
-    {
-	addr.ip4.s_addr = inet_addr(n);
-	if (addr.ip4.s_addr == INADDR_NONE)
-	    debug_return_bool(false);
+    if (inet_aton(n, &addr.ip4) == 1) {
 	family = AF_INET;
+    } else {
+	debug_return_bool(false);
    }

    SLIST_FOREACH(ifp, get_interfaces(), entries) {
@@ -115,20 +114,23 @@ addr_matches_if_netmask(const char *n, const char *m)
    debug_decl(addr_matches_if, SUDO_DEBUG_MATCH)

 #ifdef HAVE_STRUCT_IN6_ADDR
-    if (inet_pton(AF_INET6, n, &addr.ip6) > 0)
+    if (inet_pton(AF_INET6, n, &addr.ip6) == 1)
 	family = AF_INET6;
    else
 #endif /* HAVE_STRUCT_IN6_ADDR */
-    {
-	addr.ip4.s_addr = inet_addr(n);
-	if (addr.ip4.s_addr == INADDR_NONE)
-	    debug_return_bool(false);
+    if (inet_aton(n, &addr.ip4) == 1) {
 	family = AF_INET;
+    } else {
+	debug_return_bool(false);
    }

    if (family == AF_INET) {
 	if (strchr(m, '.')) {
-	    mask.ip4.s_addr = inet_addr(m);
+	    if (inet_aton(m, &mask.ip4) != 1) {
+		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+		    "IPv4 netmask %s: %s", m, "invalid value");
+		debug_return_bool(false);
+	    }
 	} else {
 	    i = strtonum(m, 0, 32, &errstr);
 	    if (errstr != NULL) {
@@ -148,7 +150,7 @@ addr_matches_if_netmask(const char *n, const char *m)
    }
 #ifdef HAVE_STRUCT_IN6_ADDR
    else {
-	if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) {
+	if (inet_pton(AF_INET6, m, &mask.ip6) != 1) {
 	    j = strtonum(m, 0, 128, &errstr);
 	    if (errstr != NULL) {
 		sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,