From d921ed9a2a553afe0c13638ed339ee42d4572935 Mon Sep 17 00:00:00 2001
From: Chris Packham <judge.packham@gmail.com>
Date: Wed, 4 Jan 2017 13:36:25 +1300
Subject: [PATCH] lib: net_utils: make string_to_ip stricter

Previously values greater than 255 were implicitly truncated. Add some
stricter checking to reject addresses with components >255.

With the input "1234192.168.1.1" the old behaviour would truncate the
address to 192.168.1.1. New behaviour rejects the string outright and
returns 0.0.0.0, which for the purposes of IP addresses can be
considered an error.

Signed-off-by: Chris Packham <judge.packham@gmail.com>
---
 lib/net_utils.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/net_utils.c b/lib/net_utils.c
index cfae842752..8f81e78010 100644
--- a/lib/net_utils.c
+++ b/lib/net_utils.c
@@ -24,6 +24,10 @@ struct in_addr string_to_ip(const char *s)
 
 	for (addr.s_addr = 0, i = 0; i < 4; ++i) {
 		ulong val = s ? simple_strtoul(s, &e, 10) : 0;
+		if (val > 255) {
+			addr.s_addr = 0;
+			return addr;
+		}
 		addr.s_addr <<= 8;
 		addr.s_addr |= (val & 0xFF);
 		if (s) {
-- 
2.39.5