View Issue Details

ID: 0037080
Project: FPC
Category: RTL
View Status: public
Last Update: 2020-05-15 12:48
Reporter: Noel Duffy
Assigned To: Michael Van Canneyt
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 3.0.4
Fixed in Version: 3.3.1
Summary: 0037080: StrToHostAddr accepts ipv4 octets containing any Pascal number base notation and mathematical signs
Description: The StrToHostAddr function in the sockets unit converts ipv4 addresses into their internal representation. It uses the Val function to convert octets from strings to bytes, but Val accepts Pascal notation such as '$' and '0x' prefixes for hexadecimal numbers, % for binary notation, and & for octal notation, and it doesn't check input characters before calling Val.

As a consequence, StrToHostAddr will happily parse and pronounce valid addresses like this:

0xa.3.4.5
9.$c.4.5
%1111.%11001110.30.4
&7.&5.30.4

As long as the value in the octet doesn't overflow the byte, it will be accepted.

Additionally, StrToHostAddr doesn't check the number of digits in an octet. This means arbitrary numbers of leading zeroes can be inserted.

E.g.,

0000002.3.4.5

Finally, mathematical signs are allowed. E.g.,

1.+2.3.4

While negative numbers will also be passed to Val and converted, later validations detect the overflow and so parsing that address will fail. Since the plus doesn't result in an overflow, it is accepted.

Steps To Reproduce:

StrToHostAddr('0xa.3.4.5')
StrToHostAddr('9.$c.4.5')
StrToHostAddr('%1111.%11001110.30.4')
StrToHostAddr('&7.&5.30.4')
StrToHostAddr('+3.4.5.6')
Tags: No tags attached.
Fixed in Revision: 45367
FPCOldBugId:
FPCTarget: 4.0.0
Attached Files

Activities

Michael Van Canneyt

2020-05-15 12:48

administrator   ~0122816

Fixed. Thanks for reporting!
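
A strict dotted-decimal check that rejects the inputs listed in the report, as an added example that is not part of the issue or of the FPC sources. `IsStrictIPv4` is a hypothetical helper, and its policy (exactly four octets, 1 to 3 decimal digits each, value 0 to 255) is an assumption, not a description of the fix in revision 45367.

```pascal
program StrictIPv4Demo;
{$mode objfpc}{$H+}

// Hypothetical helper (not an RTL routine): scans the string itself instead
// of delegating to Val, so base prefixes and signs never reach a converter.
function IsStrictIPv4(const S: string): Boolean;
var
  i, Digits, Octets, Value: Integer;
begin
  Result := False;
  Digits := 0; Octets := 0; Value := 0;
  for i := 1 to Length(S) do
    case S[i] of
      '0'..'9':
        begin
          Inc(Digits);
          Value := Value * 10 + Ord(S[i]) - Ord('0');
          // More than 3 digits (e.g. 0000002) or a value above 255 fails.
          if (Digits > 3) or (Value > 255) then Exit;
        end;
      '.':
        begin
          if Digits = 0 then Exit;   // empty octet, e.g. "1..2.3"
          Inc(Octets);
          if Octets > 3 then Exit;   // more than four octets
          Digits := 0; Value := 0;
        end;
    else
      Exit;  // rejects $, x, %, &, +, -, whitespace and anything else
    end;
  // Exactly three dots seen and the last octet is not empty.
  Result := (Octets = 3) and (Digits > 0);
end;

const
  // Constructed sample list: the first entry is a plain valid address,
  // the others are the strings given in the report.
  Samples: array[0..7] of string = ('10.3.4.5', '0xa.3.4.5', '9.$c.4.5',
    '%1111.%11001110.30.4', '&7.&5.30.4', '0000002.3.4.5', '1.+2.3.4',
    '+3.4.5.6');
var
  i: Integer;
begin
  for i := Low(Samples) to High(Samples) do
    WriteLn(Samples[i], ' -> ', IsStrictIPv4(Samples[i]));
end.
```

On a compiler version listed as affected (3.0.4), a caller can run this check before handing the string to StrToHostAddr, so that an address which passed an earlier textual filter cannot be reinterpreted as a different host.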

Issue History

Date Modified Username Field Change
2020-05-15 12:12 Noel Duffy New Issue
2020-05-15 12:43 Michael Van Canneyt Assigned To => Michael Van Canneyt
2020-05-15 12:43 Michael Van Canneyt Status new => assigned
2020-05-15 12:48 Michael Van Canneyt Status assigned => resolved
2020-05-15 12:48 Michael Van Canneyt Resolution open => fixed
2020-05-15 12:48 Michael Van Canneyt Fixed in Version => 3.3.1
2020-05-15 12:48 Michael Van Canneyt Fixed in Revision => 45367
2020-05-15 12:48 Michael Van Canneyt FPCTarget => 4.0.0
2020-05-15 12:48 Michael Van Canneyt Note Added: 0122816