BUG #14198: IPv6 address validation broken

Started by Stefan Kaltenbrunner almost 10 years ago, 3 messages, bugs

#1 Stefan Kaltenbrunner
stefan@kaltenbrunner.cc

The following bug has been logged on the website:

Bug reference: 14198
Logged by: Stefan Kaltenbrunner
Email address: stefan@kaltenbrunner.cc
PostgreSQL version: 9.5.3
Operating system: Debian Linux
Description:

Hi all!

IPv6 address validation seems to be a "tad" broken in all current
releases:

mastermind=# select '99:99:99:99::99:99:99:99:99:zz'::inet;
inet
::/0
(1 row)
mastermind=# select '99:99:99:99::99:99:99:99:aa::99'::inet;
inet
::/0
(1 row)
mastermind=# select '99:99:99:99::99:99:99:99:99::99'::inet;
inet
::/0
(1 row)

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Stefan Kaltenbrunner (#1)
Re: BUG #14198: IPv6 address validation broken

stefan@kaltenbrunner.cc writes:

IPv6 address validation seems to be a "tad" broken in all current
releases:

Hmm, looks like we need this at inet_net_pton.c:499:

else if (*src == '\0')
goto enoent;
if (tp + NS_INT16SZ > endp)
- return (0);
+ goto enoent;
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
saw_xdigit = 0;
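
Review bot: the changed branch under `if (tp + NS_INT16SZ > endp)` carries no comment saying why 0 is the wrong thing to return there, and the fix comes without a test. Going by the `::/0` results in the report, a 0 from this point is taken by the caller as a successful parse with a zero-length prefix, so a one-line comment on the branch stating that too many 16-bit groups is a hard error would keep the `goto enoent` from being lost if the file is ever re-synced with its upstream. The three strings from the report belong in the inet regression tests with an error as the expected result, and any other `return (0)` exits in the same function deserve the same look.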

A bit of googling suggests that this is equally broken in assorted
BSD distributions, which is likely where we got the code from
originally. I wonder who we can report it to?

regards, tom lane


#3 Torsten Zuehlsdorff
mailinglists@toco-domains.de
In reply to: Tom Lane (#2)
Re: BUG #14198: IPv6 address validation broken

On 16.06.2016 23:05, Tom Lane wrote:

stefan@kaltenbrunner.cc writes:

IPv6 address validation seems to be a "tad" broken in all current
releases:

Hmm, looks like we need this at inet_net_pton.c:499:

else if (*src == '\0')
goto enoent;
if (tp + NS_INT16SZ > endp)
- return (0);
+ goto enoent;
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
saw_xdigit = 0;

A bit of googling suggests that this is equally broken in assorted
BSD distributions, which is likely where we got the code from
originally. I wonder who we can report it to?

For FreeBSD there is a bugtracker:
https://bugs.freebsd.org/bugzilla/enter_bug.cgi

If you are unsure what to fill in, I can do this for you.

Greetings,
Torsten

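
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not the inet_net_pton.c source: a simplified colon-hex parser whose "too many groups" branch returns either 0 (the pre-patch behaviour) or -1 (the patched behaviour). The names `parse_v6`, `strict` and `V6_LEN` are hypothetical, and "/n" prefix parsing is left out, so a successful parse always returns 128.

```c
#include <ctype.h>
#include <string.h>
#define V6_LEN 16 /* bytes in an IPv6 address */

/* Simplified model, not the inet_net_pton.c source. Returns the prefix length
 * in bits (always 128 here; no "/n" parsing) or -1 on error. strict == 0 keeps
 * the pre-patch behaviour: the "too many groups" branch returns 0. */
int parse_v6(const char *src, unsigned char dst[V6_LEN], int strict)
{
    unsigned char tmp[V6_LEN] = {0}, *tp = tmp, *endp = tmp + V6_LEN;
    unsigned char *colonp = NULL;   /* where "::" was seen, if at all */
    unsigned int val = 0;
    int ch, digits = 0;

    if (*src == ':' && *++src != ':')
        return -1;                  /* a leading ':' must be part of "::" */
    while ((ch = (unsigned char) *src++) != '\0') {
        if (isxdigit(ch)) {
            if (++digits > 4) return -1;
            ch = tolower(ch);
            val = (val << 4) | (unsigned) (isdigit(ch) ? ch - '0' : ch - 'a' + 10);
            continue;
        }
        if (ch != ':') return -1;   /* neither hex digit nor separator */
        if (digits == 0) {          /* empty group, i.e. "::" */
            if (colonp != NULL) return -1;  /* only one "::" allowed */
            colonp = tp;
            continue;
        }
        if (*src == '\0') return -1;        /* trailing single ':' */
        if (endp - tp < 2)
            return strict ? -1 : 0; /* 0 doubles as a valid prefix length */
        *tp++ = (unsigned char) (val >> 8);
        *tp++ = (unsigned char) (val & 0xff);
        val = 0; digits = 0;
    }
    if (digits > 0) {               /* last group has no ':' after it */
        if (endp - tp < 2) return -1;
        *tp++ = (unsigned char) (val >> 8);
        *tp++ = (unsigned char) (val & 0xff);
    }
    if (colonp != NULL) {           /* expand "::" by shifting the tail right */
        size_t n = (size_t) (tp - colonp);
        if (tp == endp) return -1;  /* "::" must stand for at least one group */
        memmove(endp - n, colonp, n);
        memset(colonp, 0, (size_t) (endp - n - colonp));
    } else if (tp != endp) return -1;       /* too few groups without "::" */
    memcpy(dst, tmp, V6_LEN);
    return 128;
}
```

With `strict == 0` all three strings from the report return 0 and leave a zeroed `dst` untouched, which a caller that only checks for a negative result stores as `::/0`; the trailing `zz` is never even reached because the overflow branch fires first.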